trojan help [RESOLVED]



#1
bkp

Did all the steps to try and remove and seem to still have a problem, esp. with the internet. Here is my HijackThis list and ewido list.

Do you need anything else?

Thanks

brian


Logfile of HijackThis v1.99.1
Scan saved at 7:39:37 AM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZPxdm168XXUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\tmpUpgrade\..\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\tmpUpgrade\..\PartyPoker.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamesoduser.c...es/exentCtl.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g...er_2_0_0_32.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...eed/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:58:25 PM, 10/16/2005
+ Report-Checksum: 223ACD94

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\FocusInteractive\Outlook\\MyWebSearch.OutlookAddin -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinadX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/WinadX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD} -> Spyware.Transponder : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1829042710-3000998389-3923178089-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00320615-B6C2-40A6-8F99-F1C52D674FAD} -> Spyware.Transponder : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
[11764] C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL -> Spyware.MyWebSearch : Error during cleaning
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.212:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Comclick : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.226:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Clickhype : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vhh7i0o5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cbs.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfk4egdzodo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkikjcjcco.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkiold5kbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfkocndzkgp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wflikndjshq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wfmiekc5odp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wgkikid5mlo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjk4qmazmaq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkowkcjako.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkygoc5ebq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjkyuiazocp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4gmdjmeo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjl4qndzsbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlownazoco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyajdjicp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjlyehcjakq.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjmygmazeho.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjny-1ndpcb.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
-> : Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@e-2dj6wjnyojdpwlp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\39SKCJVB\__delete_on_reboot__WFXScanR[1].exe -> Not-A-Virus.Downloader.Agent.c : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\A74BHUVE\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\Downloads\OregonTrail-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL -> Spyware.Wesbar : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE -> Spyware.Wesbar : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL -> Spyware.Wesbar : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\bar\1.bin\__delete_on_reboot__F3POPSWT.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\MyWebSearch\SrchAstt\1.bin\__delete_on_reboot__MWSSRCAS.DLL -> Spyware.Wesbar : Cleaned with backup
C:\Program Files\Netscape\Netscape 6\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.PornWare.PopCap.b : Cleaned with backup
C:\WINDOWS\system32\awvtu.dll -> TrojanSpy.Agent.hn : Cleaned with backup
C:\WINDOWS\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
F:\Documents and Settings\Becky\Cookies\becky@specificpop[2].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
F:\Documents and Settings\Becky\Cookies\becky@www2.enigmasoftwaregroup[2].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1gajkkpaqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@download.com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@ehg-dig.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@grandonline[2].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@specificpop[2].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@www.grandonline[2].txt -> Spyware.Cookie.Grandonline : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@www2.enigmasoftwaregroup[1].txt -> Spyware.Cookie.Enigmasoftwaregroup : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlygpdjsdpqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiakdjcdpwsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyemdzagpqmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\Documents and Settings\Brian\Cookies\brian@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyuhajgbpqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
F:\Documents and Settings\Brian\Local Settings\Temporary Internet Files\Content.IE5\C9E7GDQV\Params.richmedia=yes&Pa
#2
John McKenna

    Visiting Staff

Hi and welcome to Geeks! :tazz:


Keeping Track of Your Topic
  • Please subscribe to this thread by clicking 'Track this topic' at the top of the thread.
  • Enable email notification to subscribed threads via your Geeks My Controls panel above.
  • Keep ALL future replies in this thread please.
Please copy these instructions to Notepad or print them out.

Step 1

I need you to disable some of the protection you have installed before applying the following fix please.

Open Microsoft AntiSpyware & disable the real-time protection.
  • Click on Tools | Settings.
  • In the left pane, click on Real-time Protection.
  • Under Startup Options uncheck: "Enable the Microsoft AntiSpyware Security Agents on startup (recommended)".
  • Under Real-time spyware threat protection uncheck: "Enable real-time spyware threat protection (recommended)".
  • Click the Save button and close MSAS.
  • Right click on the MSAS system tray icon and select Shutdown Microsoft AntiSpyware.
Disable Trojan Hunter's Guard.
  • Right-click the Trojan Hunter system tray icon (blue magnifying glass).
  • Select "Settings" and uncheck the "Load at startup" and "Enabled" options.
Disable Ewido's Guard:
  • Open Ewido and select "Deactivate Guard" under the 'Additional' menu.
REBOOT THE MACHINE


Step 2

Run HJT again and checkmark the boxes next to the following (if still present):-

R3 - Default URLSearchHook is missing
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZPxdm168XXUS
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} (WTHoster Class) - http://install.wildt...eed/install.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll

Close ALL OPEN WINDOWS/BROWSERS and click Fix Checked


Step 3

Download and install CrapCleaner to clean temp files from your computer.
  • Open CCleaner and click the "Options" button on the left and then "Advanced"
  • Remove the checkmark from "Only delete files from Windows Temp Folders older than 48 hours"
  • Now click the "Cleaner" button on the left and look on the "Windows" tab, under "Internet Explorer".
  • Uncheck "Cookies" if you do not want them removed or you'll need to re-enter ALL passwords for any sites you autologin at !!
  • Alternatively, you can leave the cookies box checked for removal but individually retain autologin cookies via Options > Cookies if you prefer.
  • If using either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click Run Cleaner to run the program.
  • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
  • After CCleaner has completed its process, click Exit.

Step 4

Symantec have just updated their Vundo removal tool so let's try that first.

Please download & run FixVundo 1.3.1
  • Close all running programs (including your Internet Browser).
  • Locate the file that you just downloaded.
  • Double-click the FixVundo.exe file to start the removal tool.
  • Click Start to begin the process, and then allow the tool to run.
  • Important: Do NOT launch any new applications while the tool is running!
  • Restart the computer.
  • Run the removal tool again to ensure that the system is clean.

Step 5

Then run any of the following online virus scans (saving the scan report when complete):

Step 6

Then post a fresh HJT log after rebooting along with the online scan results.

Edited by John McKenna, 17 October 2005 - 11:43 AM.
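
Two patterns are visible in the Step 2 lines themselves: registrations marked "(no file)" or "(file missing)", and one DLL (jkhfd.dll) listed both as a BHO and as a Winlogon Notify entry. The following is an added example, not part of the original post and not HijackThis's own logic: a small Python triage pass over log lines copied from this thread. The two heuristics, the reason labels and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Log lines copied from this thread: the first five come from the Step 2 fix
# list, the last two from the HijackThis log posted after the cleanup.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {E434D3C7-A673-4100-8140-79C020945017} - (no file)
O3 - Toolbar: (no name) - {53829F91-1B06-4DB9-B13E-812A986169F9} - (no file)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
"""

# "<section code> - <rest of entry>", e.g. "O2 - BHO: ..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Drive-letter path ending in a loadable file type (assumed set of extensions).
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|ocx)\b", re.IGNORECASE)
# Markers HijackThis prints when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entry(line):
    """Split one log line into section code, CLSID, file path and orphan flag."""
    match = ENTRY_RE.match(line.strip())
    if not match:
        return None  # header lines, process list, blank lines
    section, body = match.groups()
    clsid = CLSID_RE.search(body)
    path = PATH_RE.search(body)
    return {
        "section": section,
        "clsid": clsid.group(0).upper() if clsid else None,
        "path": path.group(0).lower() if path else None,
        "orphaned": any(marker in body for marker in ORPHAN_MARKERS),
    }


def triage(log_text):
    """Return (section, identifier, reasons) for entries worth a closer look.

    Heuristics (assumptions for this example):
      orphaned             registration whose file is reported missing
      bho+winlogon-notify  same file registered under both O2 and O20
    """
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]

    # Index which sections reference each file so cross-section reuse shows up.
    sections_by_path = defaultdict(set)
    for entry in entries:
        if entry["path"]:
            sections_by_path[entry["path"]].add(entry["section"])

    findings = []
    for entry in entries:
        reasons = []
        if entry["orphaned"]:
            reasons.append("orphaned")
        if entry["path"] and {"O2", "O20"} <= sections_by_path[entry["path"]]:
            reasons.append("bho+winlogon-notify")
        if reasons:
            findings.append((entry["section"], entry["clsid"] or entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for section, identifier, reasons in triage(SAMPLE_LOG):
        print(f"{section:<4}{identifier:<45}{', '.join(reasons)}")
```

A flag from this pass is only a prompt to look up the entry; the Adobe and McAfee lines pass both checks simply because their files exist and appear in one section.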

#3
bkp

    Member

  • Topic Starter
Here is my Kaspersky and HijackThis log after I cleaned up again. How does this look?

thanks for the help

brian


KASPERSKY ON-LINE SCANNER REPORT
Monday, October 17, 2005 21:31:54
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 18/10/2005
Kaspersky Anti-Virus database records: 145340
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\

Scan Statistics:
Total number of scanned objects: 121726
Number of viruses found: 19
Number of infected objects: 53
Number of suspicious objects: 0
Duration of the scan process: 3534 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\02BE4D03 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\0DE812FA Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Program Files\Norton AntiVirus\Quarantine\109F24A8.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\10AC4C99.htm Infected: Exploit.VBS.Phel.a
C:\Program Files\Norton AntiVirus\Quarantine\182676BA.class Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton AntiVirus\Quarantine\182676BA.php Infected: Trojan-Downloader.JS.Small.d
C:\Program Files\Norton AntiVirus\Quarantine\1F8E6279 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1F97606E/ Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1F97606E Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1F9B0A6B Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1F9E3467 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FA15E64 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FA50860 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FA8325C Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FAB5C59 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FAE0655 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FB21384 Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\1FB23052 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FB55A4E Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FB8044A Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FBB2E47 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\1FBF5843 Infected: Trojan-Clicker.Win32.Delf.r
C:\Program Files\Norton AntiVirus\Quarantine\1FC20240 Infected: Trojan-Downloader.Win32.Dyfuca.da
C:\Program Files\Norton AntiVirus\Quarantine\25044498/ Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\25044498 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\272C16D9 Infected: Trojan-Downloader.Win32.Dyfuca.cr
C:\Program Files\Norton AntiVirus\Quarantine\278C1036 Infected: Trojan-Downloader.Win32.Stubby.c
C:\Program Files\Norton AntiVirus\Quarantine\314D6825 Infected: Trojan-Downloader.Win32.Dyfuca.cr
C:\Program Files\Norton AntiVirus\Quarantine\31501221 Infected: Trojan-Dropper.Win32.Delf.z
C:\Program Files\Norton AntiVirus\Quarantine\31533C1D Infected: Trojan-Downloader.Win32.Dyfuca.co
C:\Program Files\Norton AntiVirus\Quarantine\3156661A Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\32BC52D8 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\3383423C Infected: Trojan-Downloader.Win32.Stubby.c
C:\Program Files\Norton AntiVirus\Quarantine\365422C9 Infected: Trojan-Dropper.Win32.Delf.z
C:\Program Files\Norton AntiVirus\Quarantine\3CF64E0D Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Norton AntiVirus\Quarantine\465F0399 Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Norton AntiVirus\Quarantine\481301F0.class Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton AntiVirus\Quarantine\482034FB/ Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\482034FB Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\48862B02 Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\4BCE657F Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\5DDB688A Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\63F532FD Infected: Trojan-Downloader.Win32.Dyfuca.dc
C:\Program Files\Norton AntiVirus\Quarantine\67EC0867/alchem.exe Infected: Trojan-Downloader.Win32.Alchemic
C:\Program Files\Norton AntiVirus\Quarantine\67EC0867 Infected: Trojan-Downloader.Win32.Alchemic
C:\Program Files\Norton AntiVirus\Quarantine\67F35C60 Infected: Trojan-Downloader.JS.IstBar.k
C:\Program Files\Norton AntiVirus\Quarantine\68032E4E Infected: Trojan-Downloader.JS.IstBar.j
C:\Program Files\Norton AntiVirus\Quarantine\748A7E00 Infected: Trojan-Downloader.Win32.Stubby.c
C:\Program Files\Norton AntiVirus\Quarantine\74A44DE3 Infected: Trojan-Downloader.Win32.Stubby.c
C:\Program Files\Norton AntiVirus\Quarantine\74A777DF Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Norton AntiVirus\Quarantine\76C71AFD Infected: Trojan-Downloader.Win32.Agent.ae
C:\Program Files\Norton AntiVirus\Quarantine\7B3946D1 Infected: Trojan.Win32.Revop.c
C:\System Volume Information\_restore{681AD0F2-0D47-41B9-8237-A8C74BD32DF4}\RP7\A0001895.dll Infected: Trojan-Spy.Win32.Agent.hn

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 6:39:53 AM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\tmpUpgrade\..\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\tmpUpgrade\..\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamesoduser.c...es/exentCtl.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g...er_2_0_0_32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  • 0

#4
bkp

See my last post too, please. But this is a message I get from McAfee too, and I can't seem to clean this one:
F:\system volume information\_restore{681ad0f2-0d47-41b9-8237-a8c74bd32df4}\rp3

I try to remove it and it says file "a0000448.inf" cannot be cleaned that is not write protected and try again, and I did a few times and still no luck.
  • 0

#5
John McKenna

John McKenna

    Visiting Staff

  • Member
  • PipPipPip
  • 230 posts
Vundo is banished and your Kaspersky scan only picks up quarantined objects and an infected system restore point which is harmless unless you restore the machine to an earlier date. We'll clean that restore point before you are on your way though.


Run HJT again and checkmark the boxes next to the following:-

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

Close ALL OPEN WINDOWS/BROWSERS and click Fix Checked


Reboot and post a fresh log.

How's the machine running now?
  • 0

#6
bkp

I did that; however, this line I could not find:

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

So I only deleted the other one. As far as my system goes, it seems to be working fine. Did you see the other post above about the system volume on F drive? I keep getting that to pop up on McAfee?



Thanks for all the help, it is helping a lot!

brian


Logfile of HijackThis v1.99.1
Scan saved at 7:18:31 AM, on 10/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\BigFix\BigFix.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\tmpUpgrade\..\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\tmpUpgrade\..\PartyPoker.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...99/mcinsctl.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamesoduser.c...es/exentCtl.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g...er_2_0_0_32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

:tazz: :)
  • 0
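A "Fix Checked" round like the one in posts #5 and #6 can be checked by diffing the log taken before the fix against the fresh one. The script below is an added example, not part of the thread and not a HijackThis feature; the function names are made up here, and the two logs are abridged excerpts of the logs posted above. Entries are compared case-insensitively, because the same `MCUpdateExe` entry appears as `c:\` in one log and `C:\` in the other.

```python
import re

# HijackThis entry lines start with a section code (R1, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def entry_key(line):
    """Comparison key for one entry line, or None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # Windows paths and registry names are case-insensitive, so fold case and
    # collapse whitespace; otherwise c:\PROGRA~1 vs C:\PROGRA~1 looks like a change.
    return (m.group(1), " ".join(m.group(2).split()).casefold())

def parse_entries(log_text):
    """Map comparison key -> original line for every entry in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries.setdefault(key, line.strip())
    return entries

def verify_fix(before_log, after_log, targets):
    """Check that the entries selected for fixing are gone and nothing else moved."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    wanted = {}
    for t in targets:
        key = entry_key(t)
        if key is None:
            raise ValueError("not a HijackThis entry line: %r" % t)
        wanted[key] = t.strip()
    return {
        "removed": [t for k, t in wanted.items() if k not in after],
        "still_present": [t for k, t in wanted.items() if k in after],
        # Entries that vanished without being selected deserve a second look.
        "other_removed": [v for k, v in before.items()
                          if k not in after and k not in wanted],
        # New autostart or browser entries after a cleanup are the real red flag.
        "added": [v for k, v in after.items() if k not in before],
    }

# Abridged excerpts of the 10/17/2005 and 10/20/2005 logs from this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
"""
# The two lines post #5 asked to checkmark.
FIX_TARGETS = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drs...esearch.cgi?id=",
    r"O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u",
]

if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE_LOG, AFTER_LOG, FIX_TARGETS).items():
        print(name, len(lines))
        for line in lines:
            print("   ", line)
```
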

#7
John McKenna


Did you see the other post above about the system volume on F drive? I keep getting that to pop up on McAfee?


I did indeed Brian. McAfee is detecting that infected System Restore point I mentioned in my last post.

We'll remove that now for you. :)


Now that you're clean again, please follow these simple steps to keep yourself safe and secure in the future.


Disable and Re-enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

You can find instructions on how to disable and re-enable system restore here:

Windows XP System Restore Guide

or

Managing Windows Millenium System Restore

Re-enable system restore with instructions from the tutorial above.



Clean out ALL Temp Files

This process will clean out your Temp files and your Temporary Internet Files. Please do both steps:

Step 1: Delete Temp Files
To clean out your temp files, click on Start and then run, and type %temp% and press the ok button.

This should open up the temp directory that your machine uses. Please delete all files that are found there. If you get an error when deleting a file, skip that file and delete all the others. If you had trouble deleting a file, reboot into Safe Mode and follow this step again. You should now be able to delete all the files.

Step 2: Delete Temporary Internet Files
Now I want you to open up Internet Explorer, click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the 'Delete Files' button and put a checkmark in 'Delete Offline Content'. Then press the OK button. This may take quite a while, so don't be alarmed if it takes a while.

Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet



Safe Surfing

HJM :tazz:
  • 0

#8
bkp

Is this virus that I had transferable via email? Because I sent my dad an email and he said his computer has the same virus. I sent it after I was clean, so I don't think he got it from me??

What is your thought?

brian
  • 0

#9
John McKenna

Vundo is often caught by clicking on a link in a spammed email, so if you became infected this way and forwarded it on to your dad and he clicked the same link, there's every possibility you're responsible. :tazz:

But that's a big if...

He might just have received the same email as you did in the first place.
  • 0

#10
bkp

Well, I think you helped me out, thank you so much!! One last thing: I just tried to type a message here and tried to post and got this message. What does this mean? Anything to be concerned about?

Thanks so much again

brian

SQL error: Can't create a new thread (errno 11). If you are not out of available memory, you can consult the manual for a possible OS-dependent bug
SQL error code:
Date: Thursday 20th of October 2005 08:52:41 PM
  • 0

#11
John McKenna

It would appear it's a problem with the board and not your machine.

You might like to post this error message in the Comments and Suggestions forum so that the relevant Techs hopefully see the problem and fix it. :tazz:
  • 0

#12
John McKenna

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





