Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware/Malware Removal Help [RESOLVED]


  • This topic is locked This topic is locked

#1
ewallace18

ewallace18

    New Member

  • Member
  • Pip
  • 7 posts
Thanks for your service. I have completed steps 1-4 in the "before you post your log" instructions. Only one item was discovered by any of the products. I ran an updated version of each, and I used the Trend Micro Housecall for the virus scan. I still have a few pop-up when using IE 6.x. They are usually from adopt.hotbar and venus123. I am running Windows XP with sp2 which was previously installed. Attached is my hijack this log. Any help would be greatly appreciated. Attached File  hijackthisscan1.txt   10.84KB   95 downloads
  • 0

Advertisements


#2
ewallace18

ewallace18

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
After reading some other posts I moved HJT into its own folder instead of the desktop. I ran a new scan and here is the HJT log from that scan. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 4:43:22 PM, on 9/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\WINDOWS\system32\ntvdm.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mediacom.mchs....net/community/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\p9fvqz6.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\RunOnce: [2bp3fti.exe] C:\WINDOWS\system32\2bp3fti.exe /k
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [2bp3fti.exe] C:\WINDOWS\system32\2bp3fti.exe /k
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon MultiPASS Status Monitor.lnk = C:\Program Files\Canon\MultiPASS\monitr32.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126560620640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126560604406
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MPService - Unknown owner - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
  • 0

#3
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.

Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Reboot into Safe Mode, you can do this by restarting your computer, then contiunally tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot into normal mode.

Then, please run this online virus scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log and the Ewido log in your next reply.
  • 0

#4
ewallace18

ewallace18

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for your help.

Attached is the ewido log and then a new HJT log. I was unable (despite my best efforts) to complete a panda activescan. After installing and updating, I selected to scan "my computer" and it began scanning. It stopped each time after a few seconds on the file c:\windows\explorer.exe. It never made it past that even with a long wait. I hope this helps for now.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:41:27 PM, 9/20/2005
+ Report-Checksum: 92932083

+ Scan result:

:mozilla.9:C:\Documents and Settings\Administrator.DESKTOP\Application Data\Mozilla\Profiles\default\09ttrxsx.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Administrator.DESKTOP\Application Data\Mozilla\Profiles\default\09ttrxsx.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator.DESKTOP\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\09ttrxsx.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Default User\Application Data\Mozilla\Profiles\default\09ttrxsx.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Owner.DESKTOP\Application Data\Mozilla\Firefox\Profiles\zoe9ge0s.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@cnn.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@e-2dj6wfl4qocjwdp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@e-2dj6wjkysmd5wgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@e-2dj6wjmiqodzolq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@e-2dj6wjnyohd5ogo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@www.burstbeacon[2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner.DESKTOP\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\HJT\backups\backup-20050916-173710-788.dll -> Trojan.Kolweb.d : Cleaned with backup
C:\HJT\backups\backup-20050916-175057-106.dll -> Trojan.Kolweb.d : Cleaned with backup
C:\WINDOWS\cpbrkpie.ocx -> Spyware.Coupon : Cleaned with backup
:mozilla.9:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\09ttrxsx.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\WINDOWS\system32\config\systemprofile\Application Data\Mozilla\Profiles\default\09ttrxsx.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkyckazcaoq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkygidpacow-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjl4skajkaoq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjl4soajkdqq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjloaoc5acog-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1jcpeapw2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1lc5aaoqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1odjwaog6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a-1shz2prbmdj6wvny-1sez2pra2dj6wjnygkc5ibpq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.euniverseads[1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cz3.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@specificpop[2].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkocldzgkogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkouidzehqa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4alc5oeogudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4ogc5wcqasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4oic5eapwmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4uncpedpgidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoahdpaloqqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoeiczmeqqudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoendjmfogwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoglczwhogudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkogldjclpgsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkokhczccqaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkokidjilpqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyancjklpwsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkygmczacqaqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkysid5ilogwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyupajegowsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkywkdjebogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliaodpwgoqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjligkajoapwqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliomd5wepqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlioodzcgpqwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlisocjibpwidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloqncpolpwidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlouhdzkeqawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlowgczgdoa6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyspc5eeoamdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlywpcjidoqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmigicjecpwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyulcjeloqidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyajczafpwwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycpajidpw2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyepazaeowidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyohd5idowidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyokdpigpg2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyond5iepgwdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqldpgbpasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywpajcepawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnywpd5mkpqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0C.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\system32\p9fvqz6.dll -> Trojan.Kolweb.d : Cleaned with backup
C:\WINDOWS\system32\qbae9ib.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\vkvjjq.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\xfi.dll -> Trojan.Kolweb.d : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 11:08:43 PM, on 9/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\iTunes\iTunesHelper.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mediacom.mchs....net/community/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon MultiPASS Status Monitor.lnk = C:\Program Files\Canon\MultiPASS\monitr32.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126560620640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126560604406
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MPService - Unknown owner - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
  • 0

#5
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
You can reenable TeaTimer once your system is clean.

----------------------------------------------

Scan again with HijackThis and check the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c.../search/ie.html
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Then reboot your computer.

Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.
  • 0

#6
ewallace18

ewallace18

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks for your help. I disabled TeaTimer as you asked and removed the two items with HJT. AFter the reboot I attempted again to run a Panda ActiveScan from the site. It did not work again. It verified installation, updated, and gave me the screen to select the scan. I selected "my computer" scan and it started. Once again it stalled when it reached the file c:\windows\explorer.exe. After a lengthy wait it made no progress. I aborted the scan. Attached is the HJT log after the reboot.

Other ideas??

Logfile of HijackThis v1.99.1
Scan saved at 7:55:30 PM, on 9/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mediacom.mchs....net/community/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AutoTKit] C:\hp\bin\AUTOTKIT.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon MultiPASS Status Monitor.lnk = C:\Program Files\Canon\MultiPASS\monitr32.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay10...es/MsnPUpld.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.co...clean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1126560620640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1126560604406
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai....23/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.h...cdetection3.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MPService - Unknown owner - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
  • 0

#7
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
  • 0

#8
ewallace18

ewallace18

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Here is the list you asked for from HJT. Thanks.


Ad-Aware SE Personal
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0
ArcSoft PhotoImpression
ArcSoft ShowBiz 2
AvantGo Client
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bounce from Hewlett-Packard Desktops (remove only)
Cannonballs from Hewlett-Packard Desktops (remove only)
Canon MultiPASS Desktop Manager 3.01
CleanUp!
Creative WebCam NX Pro Driver (1.00.06.0512)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Easy Internet Sign-up
Epocrates Epocrates software for PalmOS
Epocrates Essentials
EPSON Online Reference Guide
EPSON Printer Software
ewido security suite
Excavation from Hewlett-Packard Desktops (remove only)
Film Factory
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
GemMaster 3 from Hewlett-Packard Desktops (remove only)
HijackThis 1.99.1
Honeycombs from Hewlett-Packard Desktops (remove only)
HP Deskjet Preloaded Printer Drivers
HP Instant Support
HP Organize
HP Photo & Imaging 3.0
HP Photo and Imaging 2.0 - Photosmart Cameras
HP Software Update
HPImageZone
Ink Monitor
Intel® Extreme Graphics 2 Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iPod for Windows 2005-03-23
iPod Updater 2004-11-15
iTunes
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
KBD
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Shockwave Player
Mars Rover from Hewlett-Packard Desktops (remove only)
Master Jeweler Home Show Program 2000
Memories Disc Creator 2.0
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Access 2000 Runtime
Microsoft AntiSpyware
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
Mozilla Firefox (1.0)
Multimedia Card Reader
Musicmatch® Jukebox
Netscape Browser (remove only)
Norton AntiVirus 2003
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Palm Desktop
Panda ActiveScan
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
QuickTime
RealOne Player
RecordNow!
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Slyder from Hewlett-Packard Desktops (remove only)
Sonic Update Manager
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy 1.3.1 TX
STX from Hewlett-Packard Desktops (remove only)
toolkit
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Updates from HP
Virtual Warfare from Hewlett-Packard Desktops (remove only)
Weblink
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
  • 0

#9
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Can you please make a screenshot of the popups you get.......
  • 0

#10
ewallace18

ewallace18

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I'm not exactly sure how to do that but I will try. Interestingly, in the last day or two I have not noticed any pop ups. I'll keep a look out.

Thanks,
Eric
  • 0

#11
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
I think you are clean.... so I''ll give you my prevention speech.

This log looks clean!
  • Don't forget to re-hide all files and folders. To re-hide all files and folders:
    • Open My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading deselect "Show hidden files and folders".
    • Check the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Click OK.
  • This is a good time to set up protection against further attacks. Read the article behind this link "How did I get infected". If you don't already have them, you need an antivirus that is updated, a good firewall for example Kerio Personal Firewall or ZoneLabs Zone Alarm, a spyware blocker like SpywareBlaster and also IE-Spyads and spyware detection (Ad-aware SE and SpyBot S+D). All of these have good free versions available... be very cautious about any security software that advertises in popups or other intrusive ways, they are not only usually useless, but also often have malware in them....

    Instead of Internet Explorer, use a different browser like Opera, Mozilla or Firefox.

    Last, but not least, you need to keep Windows and Internet Explorer up to date by getting all the latest security patches that protects your computer.

    This can be accessed by going to http://windowsupdate.microsoft.com and following the prompts.

    Please post back if you are still having any problems....

  • 0

#12
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP