Trojan Vundo infocmd.dll



#1
thejones6

:tazz:
I have been working on my laptop all morning...learning a lot but still not getting this thing off!
Here is my hijack this file:
I don't understand how this got past NAV and I don't even use IE, use Firefox!

Please help :) Gwen
thank you so much!

Logfile of HijackThis v1.99.1
Scan saved at 12:56:19 PM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gwen\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\infocmd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.150.183.2...sCamControl.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: infocmd - C:\WINDOWS\repair\infocmd.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


#2
g2i2r4

Welcome thejones6 to Geeks to Go!

You are running HijackThis from the Desktop.
Please create a new folder for it and move the program into the new folder.

Please print these instructions out for use in Safe Mode.
Please note: your AntiVirus program may alert you to a malicious program running. Allow the entire script to run.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    It should look like this:

    VundoFix V2.1 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    This list of forums is provided as an example of where to go to obtain help!!
    http://www.atribune.org/forums
    http://www.247fixes.com/forums
    http://www.geekstogo.com/forum
    http://forums.net-integration.net
    http://castlecops.com/forums.html
    http://www.besttechie.net/forums
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\repair\infocmd.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\repair\dmcofni.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\infocmd.dll
    O20 - Winlogon Notify: infocmd - C:\WINDOWS\repair\infocmd.dll

  • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
***

Download and install Cleanup from here (Alternate site if the above is not working, go Here)

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

***

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.

#3
thejones6

Sorry, I deciphered from the other replies how to possibly fix it and did it!
I didn't allow the script to go through though, and I had to force reboot out
of Vundofix....but from what I can see and know of this stuff...it looks like it is all cleaned.
I have since run Norton Clean up and will now run another Norton virus scan.

thanks for your help :tazz:


Here is the Hijack This file:

Logfile of HijackThis v1.99.1
Scan saved at 3:40:27 PM, on 10/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE
C:\Documents and Settings\Gwen\My Documents\My Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.150.183.2...sCamControl.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4
g2i2r4

No problem, my compliments. The HijackThis log looks good.

Can you do the cleanup! and Panda Active part? I'd like to be sure it's clean.
  • 0
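An added example, not part of the original thread: a Python sketch of the comparison made between the two HijackThis logs above. It parses the `O<n>` entries, flags a module registered at both the BHO (O2) and Winlogon Notify (O20) load points or a Notify DLL outside system32, and lists the entries that disappeared after the fix. The two heuristics and all function names are assumptions chosen for this illustration; the sample lines are a constructed excerpt of the logs posted in #1 and #3.

```python
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# Constructed excerpt of the log in post #1 (before the fix).
BEFORE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\repair\infocmd.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: infocmd - C:\WINDOWS\repair\infocmd.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Constructed excerpt of the log in post #3 (after the fix).
AFTER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# First drive-letter path ending in a module extension; stops at a quote.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:dll|exe|ocx)\b", re.IGNORECASE)

SYSTEM32 = "c:\\windows\\system32\\"
LOAD_POINT_SECTIONS = {"O2", "O20"}  # BHO and Winlogon Notify


class Entry(NamedTuple):
    section: str           # e.g. "O2"
    raw: str                # the full log line
    path: Optional[str]     # module path, if the line carries one


def parse_entries(log_text):
    """Return every 'O<n> - ...' line of a HijackThis log as an Entry."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        p = PATH_RE.search(m.group(2))
        entries.append(Entry(m.group(1), line, p.group(0) if p else None))
    return entries


def suspicious_modules(entries):
    """Map lower-cased module path -> reasons it deserves a closer look.

    Heuristics (assumptions for this example, not HijackThis behaviour):
      * the same module is registered under both O2 and O20;
      * an O20 Winlogon Notify DLL lives outside system32.
    """
    sections_by_path = defaultdict(set)
    for e in entries:
        if e.section in LOAD_POINT_SECTIONS and e.path:
            sections_by_path[e.path.lower()].add(e.section)

    findings = {}
    for path, sections in sections_by_path.items():
        reasons = []
        if len(sections) > 1:
            reasons.append("registered as both BHO and Winlogon Notify")
        if "O20" in sections and not path.startswith(SYSTEM32):
            reasons.append("Winlogon Notify DLL outside system32")
        if reasons:
            findings[path] = reasons
    return findings


def removed_entries(before_text, after_text):
    """Entries present in the first log and absent from the second."""
    before = {e.raw for e in parse_entries(before_text)}
    after = {e.raw for e in parse_entries(after_text)}
    return sorted(before - after)


if __name__ == "__main__":
    for path, reasons in suspicious_modules(parse_entries(BEFORE_LOG)).items():
        print("FLAG", path, "->", "; ".join(reasons))
    for line in removed_entries(BEFORE_LOG, AFTER_LOG):
        print("GONE", line)
    print("still flagged:", suspicious_modules(parse_entries(AFTER_LOG)))
```

A clean result from this check only means the two load points are no longer registered; it says nothing about files still on disk, which is what the follow-up scans requested in the thread address.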

#5
thejones6

Thanks, I was able to get Clean Up and Activescan....and wow am I glad I did!!!!
These two programs cleaned more out than my Norton SW.
I also ran Ewido and it cleaned out some more. I did another Panda scan this morning
and it is still showing CWS adaware and now Gator!!!!! (cleaned out the Virtumonde spyware though)
I don't get it??? I thought having NortonAV and running Spybot and Adaware SE were supposed to clean all this out...
will I ever be truly free of adware and spyware? I am not an avid "surfer"...just have my regular news sites that I read and work sites that I use or visit for updates.
I ran Spybot and Adaware SE this morning after the Activescan....and they detect nothing!!???
What programs today are really good in cleaning and protecting?

thanks again for your help,
Gwen :-)


CleanUp! started on 10/13/05 17:46:09.
...
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\Cache\EBE4AC6Bd01 - deleted
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\Cache\F9FD7926d01 - deleted
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\Cache\FE22AE72d01 - deleted
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\Cache\FE3125C4d01 - deleted
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\Cache\FEC3FD1Ad01 - deleted
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\Cache\_CACHE_001_ currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\Cache\_CACHE_002_ currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\Cache\_CACHE_003_ currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\Cache\_CACHE_MAP_ currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\history.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\cookies.txt.old - deleted
C:\Documents and Settings\Gwen\Recent\hijackthis.lnk - deleted
C:\Documents and Settings\Gwen\Recent\KSP011 Master File.lnk - deleted
C:\Documents and Settings\Gwen\Recent\Oct05WmBrosSales.lnk - deleted
C:\Documents and Settings\Gwen\Recent\Scan report_20051013.txt.lnk - deleted
C:\Documents and Settings\Gwen\Recent\Virus cleanup.lnk - deleted
C:\DOCUME~1\Gwen\LOCALS~1\Temp\089Sales.rtf - deleted
C:\DOCUME~1\Gwen\LOCALS~1\Temp\ASPNETSetup.log - deleted
C:\DOCUME~1\Gwen\LOCALS~1\Temp\netfxsl.log - deleted
C:\DOCUME~1\Gwen\LOCALS~1\Temp\netfxupdate.log - deleted
C:\DOCUME~1\Gwen\LOCALS~1\Temp\ycomp_6.2.2.0_ypsr_1.14_us_setup_.exe - deleted
C:\DOCUME~1\Gwen\LOCALS~1\Temp\hsperfdata_Gwen\ - deleted
C:\DOCUME~1\Gwen\LOCALS~1\Temp\msoclip1\01\ - deleted
C:\DOCUME~1\Gwen\LOCALS~1\Temp\msoclip1\ - deleted
C:\Documents and Settings\NetworkService\Cookies\index.dat - deleted
C:\Documents and Settings\NetworkService\locals~1\tempor~1\Content.IE5\index.dat - deleted
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\locals~1\tempor~1\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.bak - deleted
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\bookmarks.bak - deleted
C:\Documents and Settings\Gwen\Application Data\Mozilla\Firefox\Profiles\e3fl09ex.default\bookmarks.html.sbsd.bak - deleted
C:\Documents and Settings\Gwen\Application Data\Mozilla\Profiles\default\auaa43ih.slt\bookmarks.html.sbsd.bak - deleted
C:\Documents and Settings\Gwen\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\Gwen\UserData\index.dat - deleted
C:\Documents and Settings\LocalService\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Program Files\Common Files\Symantec Shared\Firewall.BAK - deleted
C:\Program Files\Common Files\Symantec Shared\IDS\IDSSettg.BAK - deleted
C:\WINDOWS\imsins.BAK - deleted
C:\WINDOWS\Debug\UserMode\userenv.bak - deleted
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\WINDOWS\system32\CatRoot2\edb.chk - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 26.6 MB of disk space from 855 files.
CleanUp! finished on 10/13/05 17:47:18.


CWShredder Report

**** Run Keys ****

RUN: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
RUN: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
RUN: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
RUN: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
RUN: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
RUN: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz


**** Browser Helper Objects ****

BHO: [AcroIEHlprObj Class] C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: [CNavExtBho Class] C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll


**** IE Toolbars ****

TOOLBAR: [Norton AntiVirus] C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
TOOLBAR: [Yahoo! Toolbar] C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll


**** IE Extensions ****

IEExt: [AIM] C:\Program Files\AIM\aim.exe
IEExt: [Yahoo! Messenger] C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe


**** Hosts File Entries ****

Panda Activescan last night
Incident Status Location

Adware:adware/cws No disinfected C:\Documents and Settings\Gwen\Favorites\Health
Spyware:spyware/virtumonde No disinfected Windows Registry

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:37:56 PM, 10/13/2005
+ Report-Checksum: 266C023A

+ Scan result:

HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
C:\RECYCLER\NPROTECT\00945887.dll -> TrojanDownloader.ConHook.k : Cleaned with backup
:mo

#6
thejones6

    Member

  • Topic Starter
  • 22 posts
Don't mind me...coffee kicking in.....
Could the Gator be from the Yahoo toolbar I installed yesterday on IE? I thought it would protect me from popups...I think I got the Trojan.Vundo from the Winfixer pop up. I rarely go into IE except to do things that I can't in Firefox because of the Java and certain websites won't show in anything else except IE...the ActiveX stuff I suppose.
Thanks again for your help and feedback...it is GREATLY appreciated!! :-)

I am going to post a current Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 6:45:27 AM, on 10/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Documents and Settings\Gwen\My Documents\Virus cleanup\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless-G Notebook Adapter Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter\Startup.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaud...d/ccpm_0237.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://212.150.183.2...sCamControl.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#7
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
wow. That cleaned up nicely...

Use Windows Explorer to remove this folder:
C:\Documents and Settings\Gwen\Favorites\Health

***

Please empty the Norton Protected Recycle Bin.

***

Can you tell me in what order you did Panda and Ewido?
  • 0

#8
thejones6

    Member

  • Topic Starter
  • Member
  • 22 posts
GREAT thanks....I deleted the Health folder.
If I remember correctly I ran Ewido and then Panda.
Ewido has a beta scanner on its website..I ran that yesterday and it killed two more adaware. That was after I installed Spyblaster and Spyguard....how do these things get through!!! I also uninstalled yahoo toolbar and installed Google toolbar since I ran across a thread here that suggested Google toolbar.
  • 0

#9
thejones6

    Member

  • Topic Starter
  • Member
  • 22 posts
I can't seem to get rid of this one....... when I run AdawareSE 1.06 it does not show up???????????

Panda report:
Incident               Status          Location
Adware:adware/gator    No disinfected  Windows Registry
  • 0

#10
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Let's see what you have there.
  • Open HijackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from Notepad into your post

  • 0


#11
thejones6

    Member

  • Topic Starter
  • Member
  • 22 posts
thanks again for all your help...here is the list :-)

Ad-Aware SE Personal
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
Agere Systems AC'97 Modem
AOL Instant Messenger
ATI Control Panel
ATI Display Driver
BroadJump Client Foundation
BroadJump CorrectConnect Engine
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
ccCommon
CleanUp!
Easy CD & DVD Creator 6
Google Toolbar for Internet Explorer
HijackThis 1.99.1
HP Deskjet Preloaded Printer Drivers
HP Memories Disc
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
Internet Worm Protection
InterVideo WinDVD
IPRO Tech Coding Client
IT 8.0 Code Viewer
Java 2 Runtime Environment, SE v1.4.2
Linksys PrintServer Driver
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office 2000 SR-1 Professional
Mozilla Firefox (1.0.7)
Mozilla Thunderbird (1.0.6)
MSN Messenger 6.2
MSN Music Assistant
MSRedist
Norton AntiVirus 2005
Norton AntiVirus Parent MSI
Norton SystemWorks
Norton SystemWorks 2005 (Symantec Corporation)
Norton Utilities
Norton WMI Update
Norton WMI Update
NSW_DRM_COLLECTION
Odyssey Client
Panda ActiveScan
Photosmart 140,240,7200,7600,7700,7900 Series
Popup Verses 1.0.0 Build 7
Quicken 2005
QuickTime
RealPlayer
Security Task Manager 1.6f
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SoundMAX
SPBBC
Spybot - Search & Destroy 1.4
SpywareBlaster v3.4
SpywareGuard v2.2
Support.com Software
Symantec Script Blocking Installer
SymNet
Synaptics Pointing Device Driver
Twain Driver Uninstaller
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinMX
WinTasks Trial
Wireless-G Notebook Adapter
Yahoo! Install Manager
Yahoo! Messenger
Zone Deluxe Games
  • 0

#12
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I don't see anything there I think may cause a problem.


Looking back I realize the Panda report is incomplete. Can you repost it without the 'recycler' part (please edit that out)?
  • 0

#13
thejones6

    Member

  • Topic Starter
  • Member
  • 22 posts
When I scan using Panda and it finishes...this is the only report that comes up when I click save report.
Incident               Status          Location
Adware:adware/gator    No disinfected  Windows Registry

What am I missing? Sorry to be such a pain...I was figuring on reformatting my hard drive in a few months anyway.
  • 0

#14
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Gator comes bundled with other software. Most of the time you won't know it's installed.


If you are comfortable with it we can remove it from the Registry.

Download and install Registrar Lite.

Let's go search the Registry for gator.
Please be very careful what you do. A corrupt Registry is a broken down machine.

Double-click the file you just downloaded.
An Installshield will appear. Follow the instructions.

Go to start - programs - RegistrarLite - Registrar Lite
Since it's the first time you open it, the program will finish the installation.

Press the magnifying glass
In the box 'text to search for' type
gator
press 'enter'. The program will search the Registry looking for items.

When it's done searching you will see a window with rows.
Click a row (*)
Right-click and select 'remove/delete'. Delete key and value.

When you are done, check to see if Panda agrees.

Let me know what happens.
  • 0
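A plain text search for gator also reports entries where those letters sit inside a longer word such as "Navigator", so a search like the one described in post #14 can return many rows that have nothing to do with the adware. The sketch below is an added example, not part of the original posts: it sorts search hits by whether the term starts a word, using constructed sample rows (all key paths, value names and data are assumptions), and it only reads text, deleting nothing.

```python
import re
from collections import defaultdict

# Constructed sample of registry search hits: (key path, value name, data).
# Illustrative only; these rows are not taken from the poster's machine.
SAMPLE_HITS = [
    (r"HKLM\SOFTWARE\ExampleAdware\Gator", "InstallDir", r"C:\Program Files\Example"),
    (r"HKLM\SOFTWARE\Netscape\Netscape Navigator", "CurrentVersion", "4.8"),
    (r"HKCU\Software\ExampleVendor\Settings", "HomePage", "http://gator.example/start"),
    (r"HKCU\Software\ExampleVendor\Settings", "FeedAggregator", "enabled"),
    (r"HKLM\SOFTWARE\Classes\Example.Investigator", "", "Investigator Class"),
]

# "gator" not preceded by a letter: the term starts a word ("Gator", "gator.example").
WORD_START = re.compile(r"(?<![A-Za-z])gator", re.IGNORECASE)
# Any occurrence at all, which is what a plain text search reports.
ANYWHERE = re.compile(r"gator", re.IGNORECASE)

FIELDS = ("key", "value", "data")

def classify_hit(hit):
    """Return (label, fields): label is 'review' when the term starts a word
    in at least one field, 'substring' when it only occurs inside longer
    words such as 'Navigator', and None when the term is absent."""
    matched = [name for name, text in zip(FIELDS, hit) if ANYWHERE.search(text)]
    if not matched:
        return None, []
    starts = [name for name, text in zip(FIELDS, hit) if WORD_START.search(text)]
    return ("review", starts) if starts else ("substring", matched)

def triage(hits):
    """Group hits by label so the 'review' rows can be examined first."""
    groups = defaultdict(list)
    for hit in hits:
        label, fields = classify_hit(hit)
        if label:
            groups[label].append((hit[0], fields))
    return dict(groups)

if __name__ == "__main__":
    for label, rows in triage(SAMPLE_HITS).items():
        for key, fields in rows:
            print(f"{label:9} {','.join(fields):10} {key}")
```

Rows labelled review still have to be identified before anything is removed, and exporting a key before deleting it keeps a way back.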

#15
thejones6

    Member

  • Topic Starter
  • Member
  • 22 posts
Thanks again for all your help!
My apologies for not replying sooner...I have been trying to clean up the other PCs in my home with the fine suggestions and help I have received here.

I downloaded and installed RegistrarLite...and when I did the scan for "gator" I got 50 different key, value and data entries....so I didn't want to touch any of those since I have no idea what they are!!!

I just don't understand why Adaware and Spybot don't pick up these that Panda does pick up??!!


thanks again :-)

Edited by thejones6, 18 October 2005 - 12:41 PM.

  • 0





