
PSGuard [RESOLVED]



#1
Fireemblem54

Fireemblem54

    New Member

  • Member
  • Pip
  • 8 posts
Hi all:

A few days ago, upon restarting my computer, my desktop became an "error message" and an odd number of popups began, as well as the "Spyware Removal" program, PSGuard. My internet connection has been slow, and PSGuard cannot be uninstalled, ever since. After reading about PSGuard, as I had figured, this was my problem.

I've done everything requested from the floated thread, rebooted, came back, and for the first time, PSGuard didn't open. However, I'm not 100% sure if I'm good to go, or if maybe something fluked or what not. So I figure it's best I post my log anyway, and see if somebody can let me know what's up with my computer:

Logfile of HijackThis v1.99.1
Scan saved at 11:54:48 AM, on 9/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\Smtray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Kylee\reg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Dawn\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {304EC1B8-9AE4-6B12-37EE-58F061BD63AE} - C:\WINDOWS\System32\7jo461DF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7C5C27C6-5D43-4A33-A29D-02DB3096AEF7} - C:\WINDOWS\System32\hlam.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGRUN] C:\Documents and Settings\Kylee\reg.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {7947EF28-26F0-4180-A69A-0AF2BE7F94E2} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.33/ttinst.cab
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_9.dll
O21 - SSODL: GXDNCVdudvH - {304EC1B2-9AE4-6B18-7E6A-480461BD63AB} - C:\WINDOWS\System32\nc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: E10fdeiccekl - Intel Corporation - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0



#2
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi fireemblemb4, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem.

Your system still has 3 major infections going on at the same time. We will tackle them one at a time.

1. Download CWShredder

If you are using anything other than Windows xp you may need a zip program.
Please download the evaluation version of
Winzip.


2. Download SpSeHjfix.zip to the desktop.
  • Then right click on the desktop and select new >folder, name it spfix
  • Unzip SpSeHjfix.zip into the new folder.
3. Disconnect from the net and Close ALL OPEN PROGRAMS.
  • Run 'SpSeHjfix' and click on "Start Disinfection".
  • When it's finished it will reboot your machine to finish the cleaning process.
  • The tool creates a log of the fix which will appear in the folder.
If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage.

4. Once it is finished, run CWShredder - Hit The FIX button!

5. Reboot and post a new HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

Regards,

Trevuren

  • 0

#3
Fireemblem54

Fireemblem54

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi fireemblemb4, welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your problem.

Your system still has 3 major infections going on at the same time.  We will tackle them one at a time.

1.  Download  CWShredder

If you are using anything other than Windows xp you may need a zip program.
Please download the evaluation version of
Winzip.
2. Download SpSeHjfix.zip to the desktop.

  • Then right click on the desktop and select new >folder, name it spfix
  • Unzip  SpSeHjfix.zip into the new folder.
3. Disconnect from the net and Close ALL OPEN PROGRAMS.
  • Run 'SpSeHjfix'. and click on "Start Disinfection".
  • When it's finished it will reboot your machine to finish the cleaning process.
  • The tool creates a log of the fix which will appear in the folder.
If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage.

4. Once it is finished, run CWShredder - Hit The FIX button!

5. Reboot and post a new HJT log and the log that was created by 'SpSeHjfix'.

Warning Note: On a few occasions it has been reported that after using the SPSEHjfix you cannot open Internet Explorer. To fix this, go into Control Panel >Internet Options >Programs & press reset web settings, then you can set your home page to what you want on the general tab.

Regards,

Trevuren


I don't think anything happened, but I'm not sure I did this all right. I ran CWShredder, and it told me there were no infections. I then downloaded SpSeHjfix.zip to my desktop, unzipped it into the new folder, where the file was titled "SpSeHjfix112". I opened the program, clicked "disinfect", at which point nothing happened. I closed the program, reopened it, clicked again, this time the button showed itself being pressed, but then the whole house lost power (related or really odd timing?). Then I pressed the power button, it logged itself back into my XP account, where as nothing opened. I reopened SpSeHjfix112, clicked disinfect, at which point the top reads "not infected" and the log button became available. The log is as follows:

(9/17/05 2:22:46 PM) SPSeHjFix started v1.1.2
(9/17/05 2:22:46 PM) OS: WinXP Service Pack 1 (5.1.2600)
(9/17/05 2:22:46 PM) Language: english
(9/17/05 2:22:46 PM) Win-Path: C:\WINDOWS
(9/17/05 2:22:46 PM) System-Path: C:\WINDOWS\System32
(9/17/05 2:22:46 PM) Temp-Path: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\
(9/17/05 2:22:48 PM) Disinfection started
(9/17/05 2:22:48 PM) Bad-Dll(IEP): c:\docume~1\dawn\locals~1\temp\se.dll
(9/17/05 2:22:48 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:22:48 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:22:48 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant:
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://c:\docume~1\dawn\locals~1\temp\se.dll/space.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page:
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(9/17/05 2:22:48 PM) Stealth-String not found
(9/17/05 2:22:48 PM) No locked Files to delete. End without Reboot
(9/17/05 2:22:50 PM) Disinfection started
(9/17/05 2:22:50 PM) Bad-Dll(IEP): c:\docume~1\dawn\locals~1\temp\se.dll
(9/17/05 2:22:50 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:22:50 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:22:50 PM) Bad IE-pages: (none)
(9/17/05 2:22:50 PM) Stealth-String not found
(9/17/05 2:22:50 PM) No locked Files to delete. End without Reboot
(9/17/05 2:23:03 PM) Disinfection started
(9/17/05 2:23:03 PM) Bad-Dll(IEP): c:\docume~1\dawn\locals~1\temp\se.dll
(9/17/05 2:23:03 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:23:03 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:23:03 PM) Bad IE-pages: (none)
(9/17/05 2:23:03 PM) Stealth-String not found
(9/17/05 2:23:03 PM) No locked Files to delete. End without Reboot


(9/17/05 2:23:28 PM) SPSeHjFix started v1.1.2
(9/17/05 2:23:28 PM) OS: WinXP Service Pack 1 (5.1.2600)
(9/17/05 2:23:28 PM) Language: english
(9/17/05 2:23:28 PM) Win-Path: C:\WINDOWS
(9/17/05 2:23:28 PM) System-Path: C:\WINDOWS\System32
(9/17/05 2:23:28 PM) Temp-Path: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\
(9/17/05 2:23:30 PM) Disinfection started
(9/17/05 2:23:30 PM) Bad-Dll(IEP): (not found)
(9/17/05 2:23:30 PM) Bad-Dll(IEP) in BHO: (not found)
(9/17/05 2:23:30 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:23:30 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:23:30 PM) Bad IE-pages: (none)
(9/17/05 2:23:30 PM) Stealth-String not found
(9/17/05 2:23:30 PM) Not infected->END


(9/17/05 2:28:39 PM) SPSeHjFix started v1.1.2
(9/17/05 2:28:39 PM) OS: WinXP Service Pack 1 (5.1.2600)
(9/17/05 2:28:39 PM) Language: english
(9/17/05 2:28:39 PM) Win-Path: C:\WINDOWS
(9/17/05 2:28:39 PM) System-Path: C:\WINDOWS\System32
(9/17/05 2:28:39 PM) Temp-Path: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\
(9/17/05 2:28:43 PM) Disinfection started
(9/17/05 2:28:43 PM) Bad-Dll(IEP): (not found)
(9/17/05 2:28:43 PM) Bad-Dll(IEP) in BHO: (not found)
(9/17/05 2:28:43 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:28:43 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:28:44 PM) Bad IE-pages: (none)
(9/17/05 2:28:44 PM) Stealth-String not found
(9/17/05 2:28:44 PM) Not infected->END


(9/17/05 2:33:07 PM) SPSeHjFix started v1.1.2
(9/17/05 2:33:07 PM) OS: WinXP Service Pack 1 (5.1.2600)
(9/17/05 2:33:07 PM) Language: english
(9/17/05 2:33:07 PM) Win-Path: C:\WINDOWS
(9/17/05 2:33:07 PM) System-Path: C:\WINDOWS\System32
(9/17/05 2:33:07 PM) Temp-Path: C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\
(9/17/05 2:33:09 PM) Disinfection started
(9/17/05 2:33:09 PM) Bad-Dll(IEP): (not found)
(9/17/05 2:33:09 PM) Bad-Dll(IEP) in BHO: (not found)
(9/17/05 2:33:09 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:33:09 PM) UBF: 7 - UBB: 2 - UBR: 18
(9/17/05 2:33:09 PM) Bad IE-pages: (none)
(9/17/05 2:33:09 PM) Stealth-String not found
(9/17/05 2:33:09 PM) Not infected->END

I then ran CWShredder again, once again with no infections registering.

My HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:37:22 PM, on 9/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Documents and Settings\Kylee\reg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {304EC1B8-9AE4-6B12-37EE-58F061BD63AE} - C:\WINDOWS\System32\7jo461DF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7C5C27C6-5D43-4A33-A29D-02DB3096AEF7} - C:\WINDOWS\System32\hlam.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [REGRUN] C:\Documents and Settings\Kylee\reg.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {7947EF28-26F0-4180-A69A-0AF2BE7F94E2} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.33/ttinst.cab
O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_9.dll
O21 - SSODL: GXDNCVdudvH - {304EC1B2-9AE4-6B18-7E6A-480461BD63AB} - C:\WINDOWS\System32\nc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: E10fdeiccekl - Intel Corporation - (no file)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0
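The two HijackThis logs posted above can be compared mechanically to confirm what a cleanup pass actually changed. The following is an added example, not part of the original thread: the sample lines are excerpted from the two logs on this page, and the function names (parse_hjt, diff_logs, dangling, find_entries) are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code key value")

# HijackThis item lines begin with a section code (R0, R1, O2, O4, O23, ...)
# followed by " - ". Header lines and the running-process list do not match.
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_hjt(log_text):
    """Return the item lines of a HijackThis log as Entry tuples."""
    entries = []
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code.startswith("R"):
            # R lines are "registry key,value name = data"; data may be empty.
            key, _, value = rest.partition(" =")
            entries.append(Entry(code, key.strip(), value.strip()))
        else:
            # O lines are kept whole: the full text identifies the item.
            entries.append(Entry(code, rest, ""))
    return entries


def diff_logs(before, after):
    """Compare two logs; return (removed, added, changed)."""
    b = {(e.code, e.key): e.value for e in parse_hjt(before)}
    a = {(e.code, e.key): e.value for e in parse_hjt(after)}
    removed = sorted(k for k in b if k not in a)
    added = sorted(k for k in a if k not in b)
    changed = sorted((k, b[k], a[k]) for k in b if k in a and b[k] != a[k])
    return removed, added, changed


def dangling(log_text):
    """Items HijackThis itself marked as pointing at a file that is gone."""
    marks = ("(file missing)", "(no file)")
    return [e for e in parse_hjt(log_text) if e.key.endswith(marks)]


def find_entries(log_text, needle):
    """Items whose text mentions needle (case-insensitive)."""
    n = needle.lower()
    return [e for e in parse_hjt(log_text)
            if n in e.key.lower() or n in e.value.lower()]


# Excerpt of the first log on this page (saved 11:54:48 AM).
BEFORE = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Dawn\LOCALS~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O2 - BHO: (no name) - {7C5C27C6-5D43-4A33-A29D-02DB3096AEF7} - C:\WINDOWS\System32\hlam.dll (file missing)
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
"""

# Excerpt of the second log on this page (saved 2:37:22 PM).
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {7C5C27C6-5D43-4A33-A29D-02DB3096AEF7} - C:\WINDOWS\System32\hlam.dll (file missing)
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
"""

if __name__ == "__main__":
    removed, added, changed = diff_logs(BEFORE, AFTER)
    for code, key in removed:
        print("removed:", code, key)
    for (code, key), old, new in changed:
        print("changed:", code, key, repr(old), "->", repr(new))
    for e in dangling(AFTER):
        print("dangling:", e.code, e.key)
    for e in find_entries(AFTER, "psguard"):
        print("still present:", e.code, e.key)
```

On these excerpts the diff matches the SPSeHjFix log: the se.dll Search Bar and Search Page values are gone and SearchAssistant is emptied, while the PSGuard Run entry and the orphaned hlam.dll BHO remain for the next round.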

#4
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
It worked, well done :tazz:

Now for PSGuard.
  • Download the following self-extracting file smitRem.exe and save the file to your DESKTOP.
    • Double click the Smitrem.exe icon on your Desktop.
    • Then click Run>Start and a Smitrem folder will appear on your desktop also.
  • Place a shortcut to Panda ActiveScan on your desktop.

  • Download the trial version of Ewido Security Suite

  • Please read Ewido Setup Instructions
    • Install the program
    • Update the definitions to the newest files.
    • DO NOT RUN IT YET
  • Install Ad-Aware SE 1.06, follow these download and setup instructions.
  • REBOOT your computer in SafeMode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    • Instead of Windows loading as normal, a menu should appear
    • Select the first option, to run Windows in Safe Mode.
  • Now open HJT, click SCAN and place a checkmark next to each of the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=3c01&lc=0409
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    O2 - BHO: (no name) - {304EC1B8-9AE4-6B12-37EE-58F061BD63AE} - C:\WINDOWS\System32\7jo461DF.dll
    O2 - BHO: (no name) - {7C5C27C6-5D43-4A33-A29D-02DB3096AEF7} - C:\WINDOWS\System32\hlam.dll (file missing)
    O4 - HKLM\..\Run: [REGRUN] C:\Documents and Settings\Kylee\reg.exe
    O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...Bridge-c139.cab
    O21 - SSODL: DCOM Server - {2C1CD3D7-86AC-4068-93BC-A02304BB8C34} - C:\WINDOWS\System32\dcom_9.dll
    O21 - SSODL: GXDNCVdudvH - {304EC1B2-9AE4-6B18-7E6A-480461BD63AB} - C:\WINDOWS\System32\nc.dll




  • Click the Fix Checked box and EXIT HJT

  • Using Windows Explorer, please locate and DELETE the following files/folders (with all their content), if they are still present:

    C:\Documents and Settings\Kylee\reg.exe
    C:\WINDOWS\System32\7jo461DF.dll
    C:\WINDOWS\System32\hlam.dll
    C:\Program Files\PSGuard<===Folder
    C:\WINDOWS\System32\dcom_9.dll
    C:\WINDOWS\System32\nc.dll

  • Open the smitRem folder
    • Double click the RunThis.bat file to start the tool.
    • Follow the prompts on screen.
    • Wait for the tool to complete and disk cleanup to finish.

    NOTE: The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

  • Open Ad-aware and do a full scan. Remove all it finds.

  • Run Ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • NOTE: During some scans with ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
    • When the scan is finished, click the Save report button at the bottom of the screen.
    • Save the report to your desktop
    • Close Ewido
  • Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

  • REBOOT back into Normal Mode

  • Click the Panda ActiveScan shortcut
    • Do a full system scan.
    • Make sure the autoclean box is checked!
  • Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let me know if any problems persist.

Regards,

Trevuren

  • 0

#5
Fireemblem54

Fireemblem54

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Ok, not all of that went 100% smoothly, but I did what I could. On Step 9, C:\WINDOWS\System32/dcom_9.dll could not be deleted.

Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:43:48 PM, 9/17/2005
+ Report-Checksum: 6839E3C

+ Scan result:

C:\Documents and Settings\Christopher\shell.exe -> Heuristic.Win32.Morphine-Crypted : Ignored
C:\Documents and Settings\Kylee\shell.exe -> Heuristic.Win32.Morphine-Crypted : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Dawn\Local Settings\Temp\temp.fr84D5 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Kylee\Local Settings\Temp\se.dll -> Spyware.Hijacker.Generic : Cleaned with backup

#6
Fireemblem54

It doesn't appear the other logs posted, as there was probably too much text. So the Smitfiles:


smitRem log file
version 2.3

by noahdfear

The current date is: Sat 09/17/2005
The current time is: 16:04:00.09

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ShudderLTD key present! Running LTDFix!

ShudderLTD key was successfully removed! :tazz:


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~

oleext.dll


~~~ Icons in System32 ~~~

And the new HJT, as Panda ActiveScan wasn't working well:

Logfile of HijackThis v1.99.1
Scan saved at 5:00:32 PM, on 9/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {7947EF28-26F0-4180-A69A-0AF2BE7F94E2} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.33/ttinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: E10fdeiccekl - Intel Corporation - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#7
Fireemblem54

Might have missed something. Let me know, and sorry in advance.

#8
Trevuren


  • Retired Staff
Not bad :tazz:
  • Please RUN HijackThis.
      • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot your system.

  • Finally, RUN HijackThis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.

Regards,

Trevuren


#9
Fireemblem54

New Log:

Logfile of HijackThis v1.99.1
Scan saved at 9:34:29 AM, on 9/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {7947EF28-26F0-4180-A69A-0AF2BE7F94E2} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.33/ttinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: E10fdeiccekl - Intel Corporation - (no file)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

I don't know of any more visible malware problems at this point. Am I safe to go ahead and download SP2?
  • 0

#10
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
1 more small modification before final cleanup after which you are home free to do your upgrades.

1. Go Start>>Run and type sc delete E10fdeiccekl + Enter

2. REBOOT your system

3. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0

#11
Fireemblem54


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:43:34 AM, on 9/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Smtray.exe
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe
C:\Program Files\Lexmark X5100 Series\lxbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dumprep.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dwwin.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Smapp] Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Lexmark X5100 Series] "C:\Program Files\Lexmark X5100 Series\lxbabmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Support - {7947EF28-26F0-4180-A69A-0AF2BE7F94E2} - C:\Program Files\Internet Explorer\SIGNUP\Presario.htm (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=3c01&lc=0409
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-30.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...5.33/ttinst.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
  • 0
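The step between the two logs above (delete the `E10fdeiccekl` service, reboot, rescan) can be checked mechanically by comparing the O23 service sections of both scans. The following is an added example, not part of any post in this thread; `parse_o23` and `compare` are hypothetical helper names, and the sample lines are excerpted from the logs posted here.

```python
import re
from typing import NamedTuple

# O23 line shape: "O23 - Service: <display name> [(<short name>)] - <owner> - <target>"
O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<target>.+)$")
SHORT = re.compile(r"\(([^()]+)\)$")

class Service(NamedTuple):
    key: str
    owner: str
    target: str
    binary_absent: bool

def parse_o23(log: str) -> dict:
    """Map service key -> Service for every O23 line; other sections are skipped."""
    services = {}
    for line in log.splitlines():
        m = O23.match(line.strip())
        if not m:
            continue
        short = SHORT.search(m["name"])
        key = short.group(1) if short else m["name"]
        target = m["target"].strip()
        # HijackThis marks a service with no binary on disk in one of two ways.
        absent = target == "(no file)" or target.endswith("(file missing)")
        services[key] = Service(key, m["owner"], target, absent)
    return services

def compare(before: str, after: str) -> dict:
    """Report services that vanished or appeared, and those still lacking a binary."""
    b, a = parse_o23(before), parse_o23(after)
    return {
        "removed": sorted(set(b) - set(a)),
        "added": sorted(set(a) - set(b)),
        "binary_absent_after": sorted(k for k, s in a.items() if s.binary_absent),
    }

# Lines excerpted from the two logs in this thread (not a full log).
BEFORE = r"""O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: E10fdeiccekl - Intel Corporation - (no file)
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)
"""
# The second scan matches the first except that the deleted service is gone.
AFTER = "\n".join(l for l in BEFORE.splitlines() if "E10fdeiccekl" not in l)

if __name__ == "__main__":
    print(compare(BEFORE, AFTER))
```

An entry listed under `binary_absent_after` is a prompt for review, not a verdict: in this thread `UMWdf` is still present in the second log.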

#12
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
Congratulations, your log shows that your SYSTEM IS CLEAN

There are a few things you must do once you are completely clean:

1. Re-hide your System Files and Folders to prevent any future accidents.

Reconfigure Windows XP to hide hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading deselect "Show hidden files and folders".
  • Check the "Hide protected operating system files (recommended)" option.
  • Click Yes to confirm. Click OK.
2. Reset and Re-enable your System Restore to remove bad files from the backup that Windows makes as no program is able to clean those files:

TO DISABLE SYSTEM RESTORE
  • Right-click "My Computer", and then left click "Properties".
  • Left click on "System Restore Tab"
  • Check box beside "Turn Off System Restore"
  • Left click on "Apply"
TO ENABLE SYSTEM RESTORE
  • Remove check mark from "Turn Off System Restore"
  • Click on "Apply"
Here are some tips to reduce the potential for spyware infection in the future:

Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the backdoor open.

I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
And also see TonyKlein's good advice
So how did I get infected in the first place? (My Favorite)

Regards,

Trevuren

  • 0

#13
Fireemblem54


    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Done. I've already got a few of those, but I'll download some of the others, as well as upgrade to SP2.

Thanks SO much for all your help. The computer is running way smoother than normal thanks to you. I appreciate it :tazz:
  • 0

#14
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
My pleasure


Trevuren

  • 0

#15
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





