Random Restarts



#1
xNight Wraithx

    New Member

  • Member
  • Pip
  • 4 posts
I have some very annoying issues with my PC and I'm ready to just go ahead and ---> :tazz: I've run Ad-Aware and Spy Bot. I've quarantined and ignored things where I could. However, I still have stuff that won't go away and I am more than certain it is Aurora, but it absolutely will not go away. I've also tried going straight to the item in the registry and deleting it manually and when I do, it reboots. Sometimes it reboots even before I can get it to even reboot; this applies to trying to remove the file manually in Safe Mode as well. So, I'm asking with all I can ask: :)


Here is the file:

Logfile of HijackThis v1.99.1
Scan saved at 8:09:22 PM, on 10/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\UmljaGFyZAAA\command.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\WINDOWS\System32\apcexl.exe
C:\WINDOWS\System32\apcexl.exe
C:\WINDOWS\System32\exl_32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0


#2
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Restoring Deleted HijackThis Entry
  • Double click on HijackThis.exe to run it.
  • Go to Config || Misc Tools || Select the "Backups" button at the top
  • Check all the entries you want to restore (all entries please)
  • Click the "Restore" button

  • 0

#3
xNight Wraithx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Log Repost:

Logfile of HijackThis v1.99.1
Scan saved at 9:33:25 PM, on 10/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\UmljaGFyZAAA\command.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\System32\winlog.exe
C:\WINDOWS\System32\NEWADP~2.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\WINDOWS\YourMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\System32\apcexl.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\araa\usai.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\apcexl.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\PROGRA~1\COMMON~1\AOL\112431~1\EE\AOLHOS~1.EXE
C:\WINDOWS\System32\exl_32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\WINDOWS\system32\ngpw38.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\PROGRA~1\COMMON~1\AOL\112431~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Common Files\services.exe
C:\HijackThis.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: {B5AB638F-D76C-415B-A8F2-F3CEAC502212} - - (no file)
R3 - URLSearchHook: (no name) - {36476A41-FB5C-5D67-278B-78BFF08E15AC} - C:\WINDOWS\Siounipe.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\System32\qlink32.dll
O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - C:\WINDOWS\system32\ngsh33.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O2 - BHO: AdCom - {D7950AB4-67F5-458e-A37D-9F2DE7F250AC} - C:\WINDOWS\system32\AdCom.dll
O2 - BHO: (no name) - {FF8EA270-7077-F759-4191-C45D1BDAAED2} - C:\WINDOWS\Siounipe.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: Search - {BE9C3166-D966-DF76-B488-E4D1DEF7CDA5} - C:\WINDOWS\Siounipe.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [cashplusmedia1.exe.exe] C:\WINDOWS\System32\cashplusmedia1.exe.exe
O4 - HKLM\..\Run: [NEWADP~2] C:\WINDOWS\System32\NEWADP~2.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [djcarn] C:\WINDOWS\System32\wzjuar.exe r
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\YourMonitor
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [uldfhv] C:\WINDOWS\System32\ypgehos.exe r
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124314368\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [Cjux] C:\WINDOWS\System32\w?auclt.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [Crao] "C:\Program Files\araa\usai.exe" -vt rbnd
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\System32\qlink32.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\uner32.dll (file missing)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\uner32.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\uner32.dll (file missing)
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0

#4
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Please print out or save this page to your desktop in order to assist you when carrying out the following instructions.

Notes
OK, this could take a run or two... but let's begin :tazz:

Downloads
Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
NOW CLOSE EWIDO - do not run a scan yet...

Download nailfix.exe from http://www.noidea.us...050711214630636 DO NOT RUN IT YET


Download Killbox.
Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next, click on 'Delete on Reboot'. Select each of the following files below with your mouse, then right-click and select Copy; check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Now in Killbox go to File, then select Paste from Clipboard. Now hit the X button (choose YES when it asks if you want to reboot). Click Yes at the 'Pending Operations' prompt if you see it:

C:\WINDOWS\Siounipe.dll
C:\WINDOWS\Nail.exe
C:\WINDOWS\exe82.exe
C:\WINDOWS\System32\qlink32.dll
C:\WINDOWS\system32\ngsh33.dll
C:\WINDOWS\system32\uner32.dll
C:\WINDOWS\System32\winlog.exe
C:\WINDOWS\system32\AdCom.dll
C:\WINDOWS\System32\cashplusmedia1.exe.exe
C:\WINDOWS\System32\wzjuar.exe
C:\WINDOWS\UmljaGFyZAAA\command.exe
C:\WINDOWS\System32\ypgehos.exe
C:\WINDOWS\YourMonitor.exe
C:\WINDOWS\System32\apcexl.exe
C:\WINDOWS\System32\exl_32.exe
C:\WINDOWS\system32\ngpw38.exe
C:\Program Files\Common Files\mc-58-12-0000137.exe



Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.


Run Downloaded Program #1
1. Launch Nailfix.exe
2. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish".
3. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Run Downloaded Program #2
Run Ewido Security Suite. Set the program up as follows:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.


View Hidden Files and Folders
Go to My Computer > Tools > Folder Options > View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.


Potential Uninstallations
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
DNS
SurfAccuracy
YourMonitor
araa



Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: {B5AB638F-D76C-415B-A8F2-F3CEAC502212} - - (no file)
R3 - URLSearchHook: (no name) - {36476A41-FB5C-5D67-278B-78BFF08E15AC} - C:\WINDOWS\Siounipe.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\System32\qlink32.dll
O2 - BHO: ngsh33.clsIS - {941CA48C-3984-4E7D-AAF8-8755ED76EB50} - C:\WINDOWS\system32\ngsh33.dll
O2 - BHO: AdCom - {D7950AB4-67F5-458e-A37D-9F2DE7F250AC} - C:\WINDOWS\system32\AdCom.dll
O2 - BHO: (no name) - {FF8EA270-7077-F759-4191-C45D1BDAAED2} - C:\WINDOWS\Siounipe.dll
O2 - BHO: Internet Explorer Web Content Catcher - {FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} - C:\Program Files\DNS\Catcher.dll
O3 - Toolbar: Search - {BE9C3166-D966-DF76-B488-E4D1DEF7CDA5} - C:\WINDOWS\Siounipe.dll
O3 - Toolbar: (no name) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\Run: [cashplusmedia1.exe.exe] C:\WINDOWS\System32\cashplusmedia1.exe.exe
O4 - HKLM\..\Run: [:C=e] C:\WINDOWS\exe82.exe
O4 - HKLM\..\Run: [djcarn] C:\WINDOWS\System32\wzjuar.exe r
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\YourMonitor
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [uldfhv] C:\WINDOWS\System32\ypgehos.exe r
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000137.exe
O4 - HKCU\..\Run: [Crao] "C:\Program Files\araa\usai.exe" -vt rbnd
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\WINDOWS\System32\qlink32.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\uner32.dll (file missing)
O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\uner32.dll (file missing)
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\uner32.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.


File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

C:\Program Files\DNS\
C:\Program Files\SurfAccuracy\
C:\Program Files\winupdates\
C:\WINDOWS\UmljaGFyZAAA\
C:\Program Files\Common Files\Windows\
C:\Program Files\araa\

Reboot your system in Normal Mode.

Perform an online scan with Internet Explorer with Panda ActiveScan
  • Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  • Click Scan Now
  • Enter your e-mail address & click Scan Now ...begins downloading 8 MB Panda's ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply along with a new HJT log

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan


Please post a fresh HijackThis log, the Ewido Log, & the Log from Panda so that we can check if your system is clean.

Edited by skate_punk_21, 09 October 2005 - 09:35 PM.

  • 0
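The before/after check that the post above asks for ("so that we can check if your system is clean") can be scripted; this is an added example, not part of the original thread and not HijackThis's own code. It parses the section-coded lines of HijackThis logs and reports which fix-list entries are gone, which remain, which are new since the earlier log, and which point at a missing file. The function names are hypothetical, and the sample logs are short excerpts of entries posted in this thread.

```python
import re

# HijackThis prefixes every finding with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
MISSING = "(file missing)"


def parse_entries(log_text):
    """Return {key: (original_line, file_missing)} for the finding lines of a log.

    Header lines and the "Running processes" paths carry no section code and
    are skipped. The key ignores case, spacing and a trailing "(file missing)",
    so an entry whose file was deleted still matches its earlier form.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        body = m.group(2)
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        key = (m.group(1), " ".join(body.split()).lower())
        entries[key] = (line, missing)
    return entries


def compare(before, fix_list, after):
    """Classify entries across the earlier log, the helper's fix list, and the fresh log."""
    b = parse_entries(before)
    f = parse_entries(fix_list)
    a = parse_entries(after)
    return {
        "fixed": sorted(f[k][0] for k in f if k not in a),          # asked to fix, now gone
        "still_present": sorted(a[k][0] for k in f if k in a),      # asked to fix, survived
        "new": sorted(a[k][0] for k in a if k not in b),            # not in the earlier log
        "orphaned": sorted(line for line, miss in a.values() if miss),  # target file gone
    }


# Excerpts of the logs posted in this thread (post #3, post #4 fix list, post #6).
BEFORE = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AdCom - {D7950AB4-67F5-458e-A37D-9F2DE7F250AC} - C:\WINDOWS\system32\AdCom.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\uner32.dll (file missing)
"""

FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: AdCom - {D7950AB4-67F5-458e-A37D-9F2DE7F250AC} - C:\WINDOWS\system32\AdCom.dll
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\uner32.dll (file missing)
"""

AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmljaGFyZAAA\command.exe (file missing)
"""

if __name__ == "__main__":
    report = compare(BEFORE, FIX_LIST, AFTER)
    for bucket in ("fixed", "still_present", "new", "orphaned"):
        print(f"[{bucket}]")
        for line in report[bucket]:
            print("  " + line)
```

Entries reported as "new" or "orphaned" are only candidates for the helper to review; the script makes no judgement about whether they are malicious.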

#5
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
xNightWraithx - please go over my instructions again, as some files for killbox have been added!
Skate
  • 0

#6
xNight Wraithx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Okay! I think we FINALLY got it all. Here is the new HJT log:



Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WB - C:\PROGRA~1\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UmljaGFyZAAA\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe






The Ewido Log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:50:27 PM, 10/10/2005
+ Report-Checksum: F2E17826

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID\\ -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1\CLSID\\ -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6F59D850-A155-4930-98AE-689A2BC7B8E8}\TypeLib\\ -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\MainPean Highspeed -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaTickets -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHAgent -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Cleaned with backup
HKU\S-1-5-21-1214440339-287218729-682003330-1004\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-1214440339-287218729-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-1214440339-287218729-682003330-1004\Software\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-1214440339-287218729-682003330-1004_Classes\CLSID\\ -> Spyware.AproposMedia : Error during cleaning
C:\!KillBox\ngsh33.dll -> Spyware.AdBlaster : Cleaned with backup
C:\backups\backup-20051010-112027-329.dll -> Spyware.AdBlaster : Cleaned with backup
:mozilla.6:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\gbshgmer.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.7:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\gbshgmer.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.8:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\gbshgmer.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.9:C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\gbshgmer.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\8c8etb3y.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0019F23A-69D1-4564-822F-36EB02\73FE0BAE-AA3B-4CA7-8C0A-C2E51F -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0019F23A-69D1-4564-822F-36EB02\807871DC-B162-4B80-95E5-94BD46 -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\0C567C3D-CD23-4C58-9656-3B8F1D\72BA7885-0FAE-4C8F-9B40-7FFEE4 -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\2CA665B8-432A-4867-8436-58BFAC\A7ED7BC2-CC4B-4045-8E21-0A10DB -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\2E50C242-00E3-4DD8-BAAA-A6D3F9\028FDD86-6DBF-476D-926E-79292C -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\32797F71-2713-431D-9851-4F8B54\11759217-4B7C-40E0-A554-280401 -> Spyware.YourSiteBar : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\6A59E2D1-0ED3-4D89-BCB7-95F49E\8B396803-6DD7-4D8D-BF2C-9D9940/gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\712A443E-837F-4EFA-894A-BA60F3\F85568C4-FA61-4AF0-9C9C-E92626 -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7C908AA2-11B6-4B0E-8EF4-09DA42\54FC408B-F51D-4CA6-A99D-8CBF7F -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7C908AA2-11B6-4B0E-8EF4-09DA42\C5F5C154-A685-408E-965D-74E37E -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\7F9770AF-3A98-429E-A4B6-522065\4254FD6E-F9F0-4F98-AC7F-8BC32E -> Spyware.SideFind : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\AFB2E68E-2989-49AD-9677-DA3BBE\55A434F5-4346-4A00-A456-9A3AFA -> Spyware.E2Give : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\AFB2E68E-2989-49AD-9677-DA3BBE\E7BBEE75-ADF2-4692-A83C-A199B2 -> TrojanDownloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B370D455-32B0-4EC4-AEEF-9651C7\4A7AEDB2-BC98-4858-B653-9C6745 -> TrojanDownloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B370D455-32B0-4EC4-AEEF-9651C7\59F062C5-E646-48CA-AE19-AA8D8E -> TrojanDownloader.Small.bgl : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B370D455-32B0-4EC4-AEEF-9651C7\6DE3CA59-3D0F-4549-A653-06ABDB -> Spyware.E2Give : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B370D455-32B0-4EC4-AEEF-9651C7\CE11E3DE-1403-49F3-B2BA-44E732 -> Spyware.E2Give : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\B3A313C1-83A4-440B-B2C2-019C64\6BBD586A-57C7-4555-A8F2-3F9FB1/gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\C8B986D3-E9F7-4FE8-A360-1947E3\1F892FF1-517F-4D3F-AA71-AF9DB0 -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\D7F200FB-77D3-4C01-BDD7-468C7A\40F57BD7-B875-4BBA-8433-B96ABC -> Spyware.Maxifiles : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\D7F200FB-77D3-4C01-BDD7-468C7A\951B6C84-FB43-4CA6-A1BD-EC44C4/gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Application Data\Sunbelt Software\CounterSpy\Quarantine\FD7E526F-1D57-4CDE-8163-59A4ED\A8820AD8-37D1-4CED-B834-F10621 -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\F7S8KM7N\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\F7S8KM7N\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\F7S8KM7N\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\F7S8KM7N\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\F7S8KM7N\istdownload[1].exe -> TrojanDownloader.IstBar.lq : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\F7S8KM7N\uninstaller.prod.21sep2005.exe[1] -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\OTN9Z0SG\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\OTN9Z0SG\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\OTN9Z0SG\AppWrap[4].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\QMQRQE0R\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\QMQRQE0R\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\QMQRQE0R\AppWrap[3].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\QMQRQE0R\AppWrap[4].exe -> Spyware.AdURL : Cleaned with backup
C:\Documents and Settings\Richard\Local Settings\Temporary Internet Files\Content.IE5\W1AVQTA9\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\Richard\My Documents\Music Downloads\Alias Maya Unlimited v7.0 for Windows.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Richard\My Documents\Music Downloads\EA SPORTS Rugby 2005 iSO.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Downloads\Setup.exe -> Worm.VB.an : Cleaned with backup
C:\install2\Setup.exe -> Worm.VB.an : Cleaned with backup
C:\install3\Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\InetGet\Adperform180safull.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\winsupdater\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winsupdater\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\winsupdater\winsupdater.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\aghfbw.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\bdmkl1001.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\flfmgixll.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\sngsh33.dll -> Spyware.AdBlaster : Cleaned with backup
C:\WINDOWS\system32\2bundle.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\csvcg.dll -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\csvcgd.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\csvcgf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\gkcngsu.exe -> Trojan.Agent.ji : Cleaned with backup
C:\WINDOWS\system32\Igzlaa.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\system32\MTE2ODI6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\ngsh33.dll -> Spyware.AdBlaster : Cleaned with backup
C:\WINDOWS\system32\pre.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\rk.bin -> Spyware.RK : Cleaned with backup
C:\WINDOWS\system32\webrebates.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\WinDmy.dll -> Spyware.Getmirar : Cleaned with backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot.adx : Cleaned with backup
C:\WINDOWS\Temp\b.com -> Spyware.AdURL : Cleaned with backup
C:\WINDOWS\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\Temp\MTE2ODI6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\UmljaGFyZAAA\asappsrv.dll -> Spyware.CommAd : Cleaned with backup
C:\WINDOWS\wxhtgkr.exe -> Adware.BetterInternet : Cleaned with backup


::Report End




The newest EWIDO run:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:37:32 PM, 10/11/2005
+ Report-Checksum: 91D66BF0

+ Scan result:

:mozilla.6:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Richard\Application Data\Mozilla\Firefox\Profiles\w5szl4pw.Default User\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup


::Report End





And I couldn't get Panda to run because of ActiveX controls and also the Add/Remove Programs section...none were listed so those weren't done either.
  • 0

#7
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Do you know what "winsupdater" is? If not, I suggest uninstalling it and deleting this folder: C:\program Files\winsupdater\

And what was wrong with the ActiveX controls? Are things running much better?
  • 0

#8
xNight Wraithx

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I have no idea about winsupdater. I am not sure about the ActiveX Controls either. I know I have been to sites requiring ActiveX before with no problem. But, I am still getting my monitor cutting off on me. A few minutes ago it actually shut itself down though, the difference is, it actually went to the log off then shutdown screen.


*Edit- I wanted to add that none of the programs that should be on the Add/Remove Programs are there. For example, WINSUPDATER isn't on the list.

Edited by xNight Wraithx, 12 October 2005 - 11:46 AM.

  • 0

#9
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Delete the folder regardless, as they do exist somewhere.

Gotta run for now,
Skate
  • 0

#10
skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Sorry for the delay.
How are things running with you now?
  • 0





