
Help Dropped Internet Connections



#16
joshuacat


    Visiting Staff

  • Member
  • 188 posts
jckazz:

Okay, some of the items shown in the scan are probably not active, but we will try to get rid of them, and the ones that are active.
We will run another scan with another tool to see where we stand at the end. Let me know if things are performing better.

After reviewing your log I see a few items that require our attention. Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.

1. a. Download the FixSwen.exe file from: http://www.symantec....ter/FixSwen.exe.
b. Save the file to a convenient location, such as your downloads folder or the Windows desktop (or removable media known to be uninfected).
c. Double-click the FixSwen.exe file to start the removal tool.
d. Click Start to begin the process, and then allow the tool to run.
e. Restart the computer.
f. Run the removal tool again to ensure that the system is clean.

Let me know if anything was found and if it was successfully removed.


2. To remove the Javabytver viruses, it's necessary to clear the Java Cache.

Start >> Control Panel >> Java (or Java Applet)

Depending on the version:

Under the 'Cache' tab, select 'Clear Cache'

or

Under the 'General' tab....'Temporary Internet Files', select 'Delete files'. Uncheck 'Downloaded Applets' and 'Downloaded Applications', then click Ok.


3. Download CCleaner and install it, but do not run it yet.


4. Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


5. a) Please download the Killbox.
Unzip it to the desktop and run it.

b) Select "Delete on Reboot".

c) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\backup\Nokia 7250i, 7210, 6100, 6610, 7250, 5100, S40s apps , pics , games , ringtones by KSK-85.rar
C:\downloads\dvdplayer\aiodvdplayer.exe
C:\downloads\emule\overnet0.50.1.exe
C:\downloads\visual_studio\vs6.exe
C:\Program Files\Screensavers.com\Installer\bin\ScreensaversInst.dll
C:\WINDOWS\ibi-xs.exe
C:\WINDOWS\system32\iegfxfrw.dll


d) Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

e) Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.


6. Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
If you are having problems, additional instructions on how to do this can be found here: How to start Windows in Safe mode.


7. Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\backup\nokia 7250i, 7210, 6100, 6610, 7250, 5100, s40s apps , pics , games , ringtones by ksk-85\ <==entire folder

Let me know if you had any problems with the deletions.


8. Now run CCleaner.
  • Uncheck "Cookies" under "Internet Explorer".
  • If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  • Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.

9. Now open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Finally, restart your computer back into Normal Mode and please post a new HJT log, as well as the ewido report log from the ewido scan, by using Add Reply.

JC


#17
jckazz


    Member

  • Topic Starter
  • Member
  • 16 posts
Sorry, I didn't realize there was a second page.

Here are the logs


Logfile of HijackThis v1.99.1
Scan saved at 11:16:44 AM, on 9/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Commander Pro\UPServ.exe
C:\Program Files\Commander Pro\UPS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\hjt\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com"); (C:\Documents and Settings\marc\Application Data\Mozilla\Profiles\default\vir632vz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\marc\Application Data\Mozilla\Profiles\default\vir632vz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://wow.bezeq.co....te/iftwclix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPSmart - Unknown owner - C:\Program Files\Commander Pro\UPServ.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - c:\MEDIAE~1.0\x10nets.exe (file missing)








---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:12:52 AM, 9/24/2005
+ Report-Checksum: 81898677

+ Scan result:

C:\!Submit\ibi-xs.exe -> Dialer.Generic : Cleaned without backup
C:\!Submit\iegfxfrw.dll -> Spyware.Hijacker.Generic : Cleaned without backup
C:\!Submit\ScreensaversInst.dll -> Spyware.Comet : Cleaned without backup
:mozilla.59:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.60:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.61:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.62:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.63:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.64:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.65:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.66:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.67:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.68:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.69:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.70:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.71:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned without backup
:mozilla.73:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.74:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.75:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.76:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.77:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.78:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.79:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.80:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.81:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.82:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.83:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.84:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.85:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.86:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.87:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.88:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.89:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.90:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.91:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.92:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned without backup
:mozilla.95:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.96:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.116:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
:mozilla.118:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned without backup
:mozilla.126:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned without backup
:mozilla.138:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned without backup
:mozilla.143:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.144:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.145:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.146:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.147:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.148:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.149:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.150:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.151:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.152:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.153:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.156:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned without backup
:mozilla.157:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned without backup
:mozilla.158:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned without backup
:mozilla.159:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned without backup
:mozilla.168:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
:mozilla.169:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
:mozilla.170:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
:mozilla.171:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
:mozilla.172:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
:mozilla.173:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned without backup
:mozilla.174:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned without backup
:mozilla.178:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.179:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.180:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.181:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.182:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.183:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
:mozilla.184:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
:mozilla.191:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned without backup
:mozilla.192:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
:mozilla.193:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned without backup
:mozilla.221:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.228:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.229:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup
:mozilla.234:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned without backup
:mozilla.235:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned without backup
:mozilla.236:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned without backup
:mozilla.245:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned without backup
:mozilla.246:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned without backup
:mozilla.254:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.255:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.256:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.257:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.261:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned without backup
:mozilla.269:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned without backup
:mozilla.291:C:\Documents and Settings\srulik\Application Data\Mozilla\Firefox\Profiles\1avmq2nx.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned without backup
C:\Documents and Settings\srulik\Cookies\srulik@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned without backup
C:\Documents and Settings\srulik\Cookies\srulik@com[2].txt -> Spyware.Cookie.Com : Cleaned without backup
C:\Documents and Settings\srulik\Cookies\[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned without backup
C:\Documents and Settings\srulik\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B4286304-63FF-4816-A638-957D0B\1980BEF1-4C98-4F59-BEC2-AA23AD -> TrojanDownloader.Small.asf : Cleaned without backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\B4286304-63FF-4816-A638-957D0B\22C95F05-338C-4CFB-84B1-7C18C6 -> Spyware.180Solutions : Cleaned without backup


::Report End

#18
jckazz

... and by the way, fixswen did not find anything.

Thanks again for your help,

Marc

#19
joshuacat

Great work! The Ewido scan seemed to clean up a lot of leftovers as well.

First question, does your computer seem to be running any better now?

We went through quite a few scans with you. I believe that most of the infections were leftovers from another time, although you did have a few things detected and deleted. From looking at your log, it looks like you are running AVG as your anti-virus. Make sure it is updated - mine shows 23/09/2005 in the bottom right corner. Is yours dated the same (or around that date)? Since you did have traces of viruses, I would make sure that your AVG is updated and that you run a complete scan. Hopefully nothing will be found, but if there is something found it will delete the infection. Let me know what is found. If it finds something the first time and cleans it, run the scanner again to make sure it comes up clean. To prevent infections in the future, you should do the updates and scans on a regular basis.

In an earlier step, I had you install the latest versions of Spybot Search & Destroy (version 1.4) and Ad-Aware (1.06r1).
Make sure that both of these programs are updated and that you run a full scan with each of them to ensure you are clean. Again, to detect and remove infections in the future, you should do the updates and scans on a regular basis. Let me know if anything is found.


Your log looks clean, but if you are still experiencing problems we can dig deeper.

Let me know what is found within your scans.

Good luck,

JC

Edited by joshuacat, 24 September 2005 - 08:06 AM.


#20
jckazz

AVG did not find anything.

Spybot found 11 entries ...
It says it fixed all of them.

I ran Spybot again immediately after and it returned no entries.

Ad-Aware found 2 entries and it removed them. I re-ran Ad-Aware immediately after and it found nothing ...

Here are the Ad-Aware and HJT logs:

Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, September 24, 2005 9:44:24 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R67 20.09.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):17 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


9-24-2005 9:44:24 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\marc\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\marc\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\office\10.0\excel\recent files
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\windows\currentversion\applets\wordpad\recent file list
Description : list of recent files opened using wordpad


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-220523388-1284227242-839522115-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 332
ThreadCreationTime : 9-24-2005 9:14:26 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 384
ThreadCreationTime : 9-24-2005 9:14:31 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\SYSTEM32\
ProcessID : 408
ThreadCreationTime : 9-24-2005 9:14:32 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 452
ThreadCreationTime : 9-24-2005 9:14:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 464
ThreadCreationTime : 9-24-2005 9:14:32 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 616
ThreadCreationTime : 9-24-2005 9:14:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 9-24-2005 9:14:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 696
ThreadCreationTime : 9-24-2005 9:14:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 744
ThreadCreationTime : 9-24-2005 9:14:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 772
ThreadCreationTime : 9-24-2005 9:14:34 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 948
ThreadCreationTime : 9-24-2005 9:14:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1064
ThreadCreationTime : 9-24-2005 9:14:38 AM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:13 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 1080
ThreadCreationTime : 9-24-2005 9:14:38 AM
BasePriority : Normal
FileVersion : 7,1,0,321
ProductVersion : 7.1.0.321
ProductName : AVG 7.0 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:14 [eebsvc.exe]
FilePath : C:\Program Files\Common Files\EPSON\EBAPI\
ProcessID : 1136
ThreadCreationTime : 9-24-2005 9:14:39 AM
BasePriority : Normal


#:15 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 1176
ThreadCreationTime : 9-24-2005 9:14:40 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:16 [inetinfo.exe]
FilePath : C:\WINDOWS\System32\inetsrv\
ProcessID : 1376
ThreadCreationTime : 9-24-2005 9:14:40 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Internet Information Services
CompanyName : Microsoft Corporation
FileDescription : Internet Information Services
InternalName : INETINFO.EXE
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : INETINFO.EXE

#:17 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 1388
ThreadCreationTime : 9-24-2005 9:14:40 AM
BasePriority : Normal
FileVersion : 7.10.3077
ProductVersion : 7.10.3077
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright© Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1516
ThreadCreationTime : 9-24-2005 9:14:41 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1572
ThreadCreationTime : 9-24-2005 9:14:41 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [upserv.exe]
FilePath : C:\Program Files\Commander Pro\
ProcessID : 1636
ThreadCreationTime : 9-24-2005 9:14:41 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : UPSmart Module
FileDescription : UPSmart Module
InternalName : UPSmart
LegalCopyright : Copyright 1999
OriginalFilename : UPSmart.EXE

#:21 [ups.exe]
FilePath : C:\Program Files\Commander Pro\
ProcessID : 1932
ThreadCreationTime : 9-24-2005 9:14:49 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : UPS2000 Application
FileDescription : UPS2000 MFC Application
InternalName : UPS2000
LegalCopyright : Copyright © 1999
OriginalFilename : UPS2000.EXE

#:22 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1968
ThreadCreationTime : 9-24-2005 9:14:50 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:23 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1060
ThreadCreationTime : 9-24-2005 9:14:53 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:24 [hpztsb07.exe]
FilePath : C:\WINDOWS\System32\spool\drivers\w32x86\3\
ProcessID : 2092
ThreadCreationTime : 9-24-2005 9:14:58 AM
BasePriority : Normal
FileVersion : 2,140,0,0
ProductVersion : 2,140,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2002

#:25 [atiptaxx.exe]
FilePath : C:\Program Files\ATI Technologies\ATI Control Panel\
ProcessID : 2116
ThreadCreationTime : 9-24-2005 9:14:59 AM
BasePriority : Normal
FileVersion : 6.14.10.4029
ProductVersion : 6.14.10.4029
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2002 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:26 [g-vga.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2260
ThreadCreationTime : 9-24-2005 9:15:01 AM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Menu Application
FileDescription : Menu MFC Application
InternalName : Menu
LegalCopyright : Copyright © 2001
OriginalFilename : Menu.EXE

#:27 [fpdisp5a.exe]
FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
ProcessID : 2276
ThreadCreationTime : 9-24-2005 9:15:02 AM
BasePriority : Normal
FileVersion : 5.16
ProductVersion : 5.16
ProductName : FinePrint
CompanyName : FinePrint Software, LLC
FileDescription : FinePrint
LegalCopyright : Copyright © 1995-2004 FinePrint Software, LLC

#:28 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_04\bin\
ProcessID : 2304
ThreadCreationTime : 9-24-2005 9:15:02 AM
BasePriority : Normal


#:29 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 2312
ThreadCreationTime : 9-24-2005 9:15:02 AM
BasePriority : Normal
FileVersion : 5.0.21
ProductVersion : 5.0.21
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2001-2003 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:30 [avgcc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVGFRE~1\
ProcessID : 2336
ThreadCreationTime : 9-24-2005 9:15:03 AM
BasePriority : Normal
FileVersion : 7,1,0,338
ProductVersion : 7.1.0.338
ProductName : AVG Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2005, GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:31 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2364
ThreadCreationTime : 9-24-2005 9:15:03 AM
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:32 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 2376
ThreadCreationTime : 9-24-2005 9:15:03 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:33 [datalayer.exe]
FilePath : C:\Program Files\Common Files\PCSuite\DataLayer\
ProcessID : 2384
ThreadCreationTime : 9-24-2005 9:15:04 AM
BasePriority : Normal
FileVersion : 6, 60, 109, 2
ProductVersion : 6, 0
ProductName : Nokia PC Suite
CompanyName : Nokia Mobile Phones Ltd.
FileDescription : DataLayer 2.0 Module
InternalName : DataLayer 2.0
LegalCopyright : Copyright © 2005. Nokia. All rights reserved.
OriginalFilename : DataLayer.exe

#:34 [launchapplication.exe]
FilePath : C:\Program Files\Nokia\Nokia PC Suite 6\
ProcessID : 2396
ThreadCreationTime : 9-24-2005 9:15:04 AM
BasePriority : Normal


#:35 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2420
ThreadCreationTime : 9-24-2005 9:15:04 AM
BasePriority : Normal
FileVersion : 4.8.0.32
ProductVersion : 4.8.0.32
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2005 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:36 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2448
ThreadCreationTime : 9-24-2005 9:15:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:37 [pcsync2.exe]
FilePath : C:\Program Files\Nokia\Nokia PC Suite 6\
ProcessID : 2456
ThreadCreationTime : 9-24-2005 9:15:06 AM
BasePriority : Normal
FileVersion : 2.00 (445)
ProductVersion : 2.00
ProductName : PC Sync
CompanyName : Time Information Services Ltd.
FileDescription : PC Sync
InternalName : PcSync2
LegalCopyright : Copyright © Time I.S. Ltd. 2002 - 2005
OriginalFilename : PcSync2.EXE

#:38 [gcasdtserv.exe]
FilePath : C:\Program Files\Microsoft AntiSpyware\
ProcessID : 2508
ThreadCreationTime : 9-24-2005 9:15:07 AM
BasePriority : Normal
FileVersion : 1.00.0615
ProductVersion : 1.00.0615
ProductName : Microsoft AntiSpyware (Beta 1)
CompanyName : Microsoft Corporation
FileDescription : Microsoft AntiSpyware Data Service
InternalName : gcasDtServ
LegalCopyright : Copyright © 2004-2005 Microsoft Corporation. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation. SpyNet™ is a trademark of Microsoft Corporation.
OriginalFilename : gcasDtServ.exe

#:39 [mpapi3s.exe]
FilePath : C:\PROGRA~1\COMMON~1\Nokia\MPAPI\
ProcessID : 2684
ThreadCreationTime : 9-24-2005 9:15:11 AM
BasePriority : Normal
FileVersion : 6.60.157.1
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia Corporation
FileDescription : Mobile Phone API
InternalName : MPAPI
LegalCopyright : Copyright © 1999-2004 Nokia. All Rights Reserved
OriginalFilename : MPAPI.EXE

#:40 [servic~1.exe]
FilePath : C:\PROGRA~1\COMMON~1\PCSuite\Services\
ProcessID : 2748
ThreadCreationTime : 9-24-2005 9:15:11 AM
BasePriority : Normal
FileVersion : 6, 60, 33, 1
ProductVersion : 6.0
ProductName : Nokia Connectivity Library
CompanyName : Nokia.
FileDescription : ServiceLayer Module
InternalName : ServiceLayer
LegalCopyright : Copyright © 2002-2005 Nokia. All Rights Reserved.
OriginalFilename : ServiceLayer.exe

#:41 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2984
ThreadCreationTime : 9-24-2005 9:15:19 AM
BasePriority : Normal


#:42 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3268
ThreadCreationTime : 9-24-2005 9:15:42 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:43 [thunderbird.exe]
FilePath : C:\Program Files\Mozilla Thunderbird\
ProcessID : 3312
ThreadCreationTime : 9-24-2005 10:39:02 AM
BasePriority : Normal


#:44 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3916
ThreadCreationTime : 9-24-2005 7:39:39 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 17


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marc@real[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:[email protected]/
Expires : 11-23-2005 12:14:50 PM
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : marc@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:7
Value : Cookie:[email protected]/
Expires : 9-25-2010 2:53:36 PM
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 19



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Deep scanning and examining files (F:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for F:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19

10:05:46 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:21:22.625
Objects scanned:266813
Objects identified:2
Objects ignored:0
New critical objects:2





Logfile of HijackThis v1.99.1
Scan saved at 11:03:56 PM, on 9/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Commander Pro\UPServ.exe
C:\Program Files\Commander Pro\UPS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\hjt\HijackThis.exe

N3 - Netscape 7: user_pref("browser.startup.homepage", "http://my.yahoo.com"); (C:\Documents and Settings\marc\Application Data\Mozilla\Profiles\default\vir632vz.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\marc\Application Data\Mozilla\Profiles\default\vir632vz.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://wow.bezeq.co....te/iftwclix.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: UPSmart - Unknown owner - C:\Program Files\Commander Pro\UPServ.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - c:\MEDIAE~1.0\x10nets.exe (file missing)

#21
joshuacat

    Visiting Staff

  • Member
  • 188 posts
Log looks clean...great job! :tazz:

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Disable and Enable System Restore - If you are using Windows ME or XP, then you should disable and enable System Restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and enable System Restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Re-enable System Restore with the instructions from the tutorial above.

--------------------------------------------------------------
Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detection and Removal Programs:

You already have 3 good anti-spyware detection programs: SpyBot, Ad-Aware and MS anti-spyware. It is important that all of these programs are updated, and that you run full system scans on a regular basis.

Please see the following tutorials below:

How to use Ad-Aware to remove Spyware
Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers


Prevention Programs:

I recommend the following two programs that will help prevent an infection:

Spywareblaster - SpywareBlaster will prevent spyware from being installed.
Spywareguard - SpywareGuard offers realtime protection from spyware installation attempts.

Both programs will complement one another.

Other necessary Programs:

Anti-virus program - It looks like you have an anti-virus program. It is important that this program is updated, and you run a full system scan on a regular basis.

More Secure Browser - Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox; however, Opera and SlimBrowsers are good as well.

And also see TonyKlein's good advice, "So how did I get infected in the first place?", and Spyware Aid's spyware article: "Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it."

Please reply back again to confirm that everything is okay, and you understand all of my clean-up steps.


#22
jckazz

    Member

  • Topic Starter
  • Member
  • 16 posts
Hi JC

I performed all of your cleanup steps, but I am still getting disconnects. They are much less frequent, and I have also noticed my PC is performing much, much better than before. Can you think of anything else that could be causing the disconnects besides my ISP?

I appreciate all of your help.

Marc

#23
joshuacat

    Visiting Staff

  • Member
  • 188 posts
Let's make sure that nothing malware-related is hiding somewhere... If nothing is found, I may get you to make a post in our Network Forum. One of the experts over there may be able to help you with your issue. What exactly is happening? What are the exact details of your connection? What specific applications are you in when you get the disconnects? Does it occur within every application? Some network cards have a self-diagnostic test; have you run that? How often are the disconnects? Has your service provider run tests with you? You can think about those questions, and think of as many details as you can before I redirect you to our network experts.

Anyways, let's see if anything is hiding ...

Download WinPFind

Extract WinPFind.zip to your c:\ folder.

Reboot your computer into Safe Mode

Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer. Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed. Reboot your computer back to normal mode and post the contents of c:\WinPFind\WinPFind.txt as a reply to this topic.

JC

:tazz:

#24
joshuacat

    Visiting Staff

  • Member
  • 188 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





