
pokapoka76.exe [RESOLVED]


  • This topic is locked

#1
i need scissors61

  • Member
  • 24 posts
Not really too sure how I got this on my computer, but I'm guessing it's from my sister using Limewire all the time. Randomly closes programs that I have open, and I can't open Firefox at all. I ran Spyware S&D and it doesn't seem like it did anything.


Here's my log:

Logfile of HijackThis v1.99.1
Scan saved at 5:39:07 PM, on 10/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\etb\pokapoka76.exe
C:\WINDOWS\UGF0\command.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\browser\YBrowser.exe
C:\Documents and Settings\Pat\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dotmusic....3/news29621.asp
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsn2BE.dll
O2 - BHO: XBTB08731 - {56B90057-DFC9-4075-87B6-2AAFED4FEF0F} - C:\PROGRA~1\FATPIC~1\FATPIC~1.DLL
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\5zyr.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\System32\qlink32.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\System32\irasoiwk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O3 - Toolbar: Fatpickle Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\Fatpickle Toolbar\fatpickle.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ukzbnni] C:\WINDOWS\ukzbnni.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\\\etb\\pokapoka76.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ssgxkl.exe reg_run
O4 - HKLM\..\RunOnce: [9wjiyu.exe] C:\WINDOWS\System32\9wjiyu.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [9wjiyu.exe] C:\WINDOWS\System32\9wjiyu.exe /k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...US_ZNxmk545CEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.sho...Install4110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF135AB-BF2F-4BA0-A745-21F71C33ED37}: NameServer = 206.141.193.55 206.141.192.60
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGF0\command.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Pat\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\oxdrklx.exe


#2
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi I need Scissors61 and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time. DO NOT UPGRADE TO SP2 AT THIS TIME.
  • Click HERE for the update.
  • Apply the update.
  • REBOOT YOUR SYSTEM
2. Please DELETE your current HJT program from its present location.

3. Download and run the following HijackThis autoinstall program from Here. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (A Notepad window will open with the log in it when you click Save Log.) (Ctrl-A to 'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren


#3
i need scissors61

  • Topic Starter
  • Member
  • 24 posts
Hey, thanks a lot for the help.


Logfile of HijackThis v1.99.1
Scan saved at 10:19:55 PM, on 10/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\etb\pokapoka76.exe
C:\WINDOWS\UGF0\command.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dotmusic....3/news29621.asp
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\System32\bho.dll
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\System32\nsn2BE.dll
O2 - BHO: XBTB08731 - {56B90057-DFC9-4075-87B6-2AAFED4FEF0F} - C:\PROGRA~1\FATPIC~1\FATPIC~1.DLL
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\5zyr.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\System32\qlink32.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\System32\irasoiwk.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (file missing)
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O3 - Toolbar: Fatpickle Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\Fatpickle Toolbar\fatpickle.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ukzbnni] C:\WINDOWS\ukzbnni.exe
O4 - HKLM\..\Run: [System service76] C:\WINDOWS\etb\pokapoka76.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\ssgxkl.exe reg_run
O4 - HKLM\..\RunOnce: [9wjiyu.exe] C:\WINDOWS\System32\9wjiyu.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [9wjiyu.exe] C:\WINDOWS\System32\9wjiyu.exe /k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...US_ZNxmk545CEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} (Installer Class) - http://downloads.sho...Install4110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF135AB-BF2F-4BA0-A745-21F71C33ED37}: NameServer = 206.141.193.55 206.141.192.60
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMSystem\plugin.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGF0\command.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Pat\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\oxdrklx.exe

#4
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Hi I need scissors. I apologize for the delay in responding; your post did not register during our recent troubles.

A. Please download LQfix.exe and save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will now reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.

B. Download a trial version of SpySweeper
  • Install the application
  • Update its definitions
  • Run the program
  • Let it remove everything it wants
  • Finally, when it has finished its work, REBOOT your system.

C. Please follow the instructions provided; you may want to print out these instructions and use them as a reference.
  • Please download ewido security suite; it is a trial version of the program.
    • Install ewido security suite
    • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    • Launch ewido; there should be an icon on your desktop. Double-click it.
    • The program will prompt you to update; click the OK button
    • The program will now go to the main screen
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update
    • Click on Start
    • The update will start and a progress bar will show the updates being installed.
  • Once the updates are installed do the following:
    • REBOOT into Safe Mode
    • Run EWIDO
    • Click on scanner
    • Click on Start Scan
    • Let the program scan the machine
    • While the scan is in progress you will be prompted to clean files, click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report
    • Save the report to your desktop
  • Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply
Regards,

Trevuren


#5
i need scissors61

  • Topic Starter
  • Member
  • 24 posts
Thanks a ton for all of the help, Trevuren.

Here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:19 PM, on 10/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dotmusic....3/news29621.asp
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTB08731 - {56B90057-DFC9-4075-87B6-2AAFED4FEF0F} - C:\PROGRA~1\FATPIC~1\FATPIC~1.DLL (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\e042ik.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\System32\irasoiwk.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Fatpickle Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\Fatpickle Toolbar\fatpickle.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ukzbnni] C:\WINDOWS\ukzbnni.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [m5z1mkb.exe] C:\WINDOWS\System32\m5z1mkb.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [m5z1mkb.exe] C:\WINDOWS\System32\m5z1mkb.exe /k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...US_ZNxmk545CEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} - http://downloads.sho...Install4110.cab
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\UGF0\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Pat\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarOpen - Webroot Software (www.webroot.com) - (no file)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:13:27 PM, 10/26/2005
+ Report-Checksum: 843145C0

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00A6FAF1-072E-44cf-8957-5838F569A31D} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\FocusInteractive\Outlook\\MyWebSearch.OutlookAddin -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-682003330-220523388-2146964071-1004\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning
:mozilla.25:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Pat\Application Data\Mozilla\Firefox\Profiles\ih9f6djl.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\1114406_48408_1456_48528_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\524948_39616_1840_39808_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\524948_39616_1840_39812_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\65730_1680_1476_1896_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_1273.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_1631.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_4098.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_5B22.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_5C04.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_6D73.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_6F5C.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_8992.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_8BBE.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_90BD.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_A74C.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_ABF2.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_B48.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_BAD4.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_CBDC.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_D2DE.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_DB20.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_E26E.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_EAE1.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_EDC9.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temp\k_F082.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Pat\Local Settings\Temporary Internet Files\Content.IE5\6JWRWZ87\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\Acceleration Software\Anti-Virus\engine_setup.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Program Files\Acceleration Software\Anti-Virus\syssnap_update.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Common Files\eAcceleration\eAnthComponents\syssnap_install.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Program Files\Common Files\eAcceleration\Installer\eaccel_updater.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Program Files\Common Files\eAcceleration\SysSnap\setup.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Program Files\Common Files\eAcceleration\SysSnap\sfx.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\bxrxhgk.exe -> TrojanDropper.Agent.mu : Cleaned with backup
C:\WINDOWS\fzlcahd.exe -> Trojan
  • 0

#6
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
We still have a way to go, my friend:

A. I want you to download and run a free trial version of an anti-trojan program called: Trojan Hunter. Let it scan your whole system and remove anything it finds.

REBOOT your system.

B. We want to stop, disable and delete an added service (O23)

A. To stop a service and set to 'disabled'
  • Go to Start > Run and type in Services.msc then click OK
  • Click the Extended tab.
  • Scroll down until you find the service.
    ===> Command Service
  • Click once on the service to highlight it.
  • Click Stop
  • Right-Click on the service.
  • Click on 'Properties'
  • Select the 'General' tab
  • Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
  • From the drop-down menu, click on 'Disabled'
  • Click the 'Apply' tab, then click 'OK'
The service is now stopped and disabled.


B. We will now delete the service:
  • Open HJT
  • Click on Config>>Misc Tools>>Delete an NT Service
  • Copy/Paste cmdService in the space provided and click OK
  • The program will ask you to REBOOT --- Accept
  • REBOOT into SAFE MODE
  • Using Windows Explorer, locate and DELETE the following file (if it still is present):

    C:\WINDOWS\UGF0 <=== Folder

  • REBOOT back into Normal Mode
  • Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.
Regards,

Trevuren

  • 0

#7
i need scissors61

i need scissors61

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:41:51 PM, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\ukzbnni.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dotmusic....3/news29621.asp
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTB08731 - {56B90057-DFC9-4075-87B6-2AAFED4FEF0F} - C:\PROGRA~1\FATPIC~1\FATPIC~1.DLL (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\e042ik.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\System32\irasoiwk.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Fatpickle Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\Fatpickle Toolbar\fatpickle.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ukzbnni] C:\WINDOWS\ukzbnni.exe
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [m5z1mkb.exe] C:\WINDOWS\System32\m5z1mkb.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [m5z1mkb.exe] C:\WINDOWS\System32\m5z1mkb.exe /k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...US_ZNxmk545CEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} - http://downloads.sho...Install4110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF135AB-BF2F-4BA0-A745-21F71C33ED37}: NameServer = 206.141.193.55 206.141.192.60
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\Pat\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarOpen - Webroot Software (www.webroot.com) - (no file)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • 0

#8
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
We want to stop, disable and delete an added service (O23)

A. To stop a service and set to 'disabled'
  • Go to Start > Run and type in Services.msc then click OK
  • Click the Extended tab.
  • Scroll down until you find the service.
    ===> hpdj
  • Click once on the service to highlight it.
  • Click Stop
  • Right-Click on the service.
  • Click on 'Properties'
  • Select the 'General' tab
  • Click the Arrow-down tab on the right-hand side on the 'Start-up Type' box
  • From the drop-down menu, click on 'Disabled'
  • Click the 'Apply' tab, then click 'OK'
The service is now stopped and disabled.


B. We will now delete the service:

1. Open HJT

2. Click on Config>>Misc Tools>>Delete an NT Service

3. Copy/Paste hpdj in the space provided and click OK

4. The program will ask you to REBOOT --- Accept

5. REBOOT into SAFE MODE

6. Using Windows Explorer, locate and DELETE the following file (if it still is present):

C:\DOCUME~1\Pat\LOCALS~1\Temp\hpdj.exe

7. REBOOT back into Normal Mode

8. Finally, run HijackThis, click SCAN, produce a LOG and POST it in this thread for review.

Regards,

Trevuren

  • 0

#9
i need scissors61

i need scissors61

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here's the new log:


Logfile of HijackThis v1.99.1
Scan saved at 3:52:51 PM, on 10/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\0dv48r.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dotmusic....3/news29621.asp
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XBTB08731 - {56B90057-DFC9-4075-87B6-2AAFED4FEF0F} - C:\PROGRA~1\FATPIC~1\FATPIC~1.DLL (file missing)
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\e042ik.dll
O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\System32\irasoiwk.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Fatpickle Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\Fatpickle Toolbar\fatpickle.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKLM\..\RunOnce: [m5z1mkb.exe] C:\WINDOWS\System32\m5z1mkb.exe /k
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [m5z1mkb.exe] C:\WINDOWS\System32\m5z1mkb.exe /k
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebse...US_ZNxmk545CEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} - http://downloads.sho...Install4110.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF135AB-BF2F-4BA0-A745-21F71C33ED37}: NameServer = 206.141.193.55 206.141.192.60
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarOpen - Webroot Software (www.webroot.com) - (no file)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • 0

#10
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.
  • First we need to make all files and folders VISIBLE:
    • Go to start>control panel>folder options>view (tab)
    • Choose to "show hidden files and folders,"
    • Uncheck the "hide protected operating system files" and the "hide extensions for known file types" boxes.
    • Close the window with ok
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...hoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...hoo.sbc.com/dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/...//www.yahoo.com
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: XBTB08731 - {56B90057-DFC9-4075-87B6-2AAFED4FEF0F} - C:\PROGRA~1\FATPIC~1\FATPIC~1.DLL (file missing)
    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\e042ik.dll
    O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\System32\irasoiwk.dll (file missing)
    O3 - Toolbar: Fatpickle Toolbar - {34F459B8-1D37-4FF2-9EFA-192D8E3ABA6F} - C:\Program Files\Fatpickle Toolbar\fatpickle.dll (file missing)
    O4 - HKLM\..\RunOnce: [m5z1mkb.exe] C:\WINDOWS\System32\m5z1mkb.exe /k
    O4 - HKCU\..\RunOnce: [m5z1mkb.exe] C:\WINDOWS\System32\m5z1mkb.exe /k
    O8 - Extra context menu item: &Search - http://edits.mywebse...US_ZNxmk545CEUS
    O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0002.exe
    O16 - DPF: {E9670165-86FE-4C34-8C4B-D3158DDC5D92} - http://downloads.sho...Install4110.cab
    O23 - Service: StarOpen - Webroot Software (www.webroot.com) - (no file)


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System in Safe Mode

    How to use the F8 method to Start Your Computer in Safe Mode

    • Restart the computer.
    • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
    • Use the arrow keys to select the Safe mode menu item
    • Press Enter.
  • Using Windows Explorer, locate the following files/folders, and DELETE them (if they are present):

    C:\WINDOWS\System32\0dv48r.exe
    C:\WINDOWS\system32\e042ik.dll
    C:\WINDOWS\System32\m5z1mkb.exe


  • Exit Explorer, and REBOOT BACK INTO NORMAL MODE

  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now.
Regards,

Trevuren

  • 0


#11
i need scissors61

i need scissors61

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Did everything you said:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:15 PM, on 10/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dotmusic....3/news29621.asp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\e042ik.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarOpen - Webroot Software (www.webroot.com) - (no file)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
  • 0

#12
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
We must disable Spy Sweeper, for it may interfere with our fix.

To disable SpySweeper:
  • Open SpySweeper, click >Options over to the left then >program options >Uncheck "load at windows startup".
  • Over to the left, click "shields" and uncheck all there.
  • Uncheck "home page shield".
  • Uncheck 'automatically restore default without notification'
  • Please RUN HijackThis.
    • Click the SCAN button to produce a log.

  • Place a check mark beside each one of the following items:

    O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\e042ik.dll (file missing)


  • Now with all the items selected, and all windows closed except for HJT, delete them by clicking the FIX checked button. Close the HijackThis window.

  • Reboot Your System


  • Finally, RUN Hijackthis again and produce a new HJT log. Post it in the forum so we can check how everything looks now. In addition, please tell me if there are any more malware problems that you are aware of.
Regards,

Trevuren

  • 0
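
The fix-then-rescan loop in this thread comes down to comparing successive HijackThis logs. The following is an added example (not from the thread and not part of HijackThis) that parses two logs and reports processes and entries that disappeared or appeared, plus entries that now point at a missing file. The sample logs are short excerpts of the two 10/28/2005 logs posted above, and every function and variable name is this example's own.

```python
import re
from dataclasses import dataclass

# "O23 - Service: ..." style lines: section code, " - ", then the entry body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)\s*$")


@dataclass(frozen=True)
class Entry:
    code: str
    body: str

    @property
    def orphaned(self):
        return ORPHAN_RE.search(self.body) is not None

    @property
    def key(self):
        # Identity of the entry, ignoring the orphan marker and letter case,
        # so "foo.dll" and "foo.dll (file missing)" compare as the same entry.
        return (self.code, ORPHAN_RE.sub("", self.body).lower())


def parse_hjt(text):
    """Return (running_processes, entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # first entry line ends the process list
            entries.append(Entry(match.group("code"), match.group("body")))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def diff_logs(before, after):
    """Compare two logs; Windows paths are compared case-insensitively."""
    procs_b, ents_b = parse_hjt(before)
    procs_a, ents_a = parse_hjt(after)
    seen_b = {p.lower() for p in procs_b}
    seen_a = {p.lower() for p in procs_a}
    by_key_b = {e.key: e for e in ents_b}
    by_key_a = {e.key: e for e in ents_a}
    return {
        "gone_processes": [p for p in procs_b if p.lower() not in seen_a],
        "new_processes": [p for p in procs_a if p.lower() not in seen_b],
        "removed_entries": [e for e in ents_b if e.key not in by_key_a],
        "new_entries": [e for e in ents_a if e.key not in by_key_b],
        # Every entry in the newer log whose file is absent.
        "orphaned": [e for e in ents_a if e.orphaned],
        # Entries whose file existed in the older log but is gone now:
        # the registry reference is left over and still needs fixing.
        "newly_orphaned": [
            e for e in ents_a
            if e.orphaned and e.key in by_key_b and not by_key_b[e.key].orphaned
        ],
    }


# Excerpt of the log saved at 3:52:51 PM on 10/28/2005 (shortened).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:52:51 PM, on 10/28/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\0dv48r.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\e042ik.dll
O4 - HKLM\..\RunOnce: [m5z1mkb.exe] C:\WINDOWS\System32\m5z1mkb.exe /k
O23 - Service: StarOpen - Webroot Software (www.webroot.com) - (no file)
"""

# Excerpt of the log saved at 9:12:15 PM on 10/28/2005 (shortened).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:12:15 PM, on 10/28/2005

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7A1693A1-AFAF-4F1E-9B05-EEC38A85FBF3} - C:\WINDOWS\system32\e042ik.dll (file missing)
O23 - Service: StarOpen - Webroot Software (www.webroot.com) - (no file)
"""

if __name__ == "__main__":
    for section, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(section)
        for item in items:
            print("   ", item if isinstance(item, str) else f"{item.code} - {item.body}")
```

An entry listed under `newly_orphaned` means the file was deleted but its registry reference survived, so it still has to be checked and fixed in HijackThis.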

#13
i need scissors61

i need scissors61

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
The entry in the HJT log you said to delete wasn't there. Nothing else seems to be wrong with my computer now, thanks a lot!


Logfile of HijackThis v1.99.1
Scan saved at 3:18:12 PM, on 10/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.clicktoma...rch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.clicktoma...rch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.clicktoma...rch.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/...hoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.clicktoma...rch.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dotmusic....3/news29621.asp
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKLM\..\Run: [eanth_critical_update_alert] C:\PROGRA~1\ACCELE~1\ANTI-V~1\EANTH_~1.EXE /Startup
O4 - HKLM\..\RunOnce: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus /ro
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\wuauclt.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\wuauclt.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.barg...IVOTAL_3_DB.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {26098EA2-C95D-48EA-89B4-63C5A63BD42F} - http://www.pacimedia...ll/pcs_0031.exe
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.../ax/adwerkz.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EF135AB-BF2F-4BA0-A745-21F71C33ED37}: NameServer = 206.141.193.55 206.141.192.60
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: StarOpen - Webroot Software (www.webroot.com) - (no file)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pfuqusd.exe (file missing)
  • 0

#14
KSMETX


    New Member

  • Member
  • 1 posts
I HAVE POKAPOKA76.EXE POPUP AS MY COMPUTER BOOTS UP..WHEN IT DOES POP UP..COMPUTER FREEZES UNABLE TO DO ANYTHING..HOW DO I GO IN AND SCAN TO GET RID OF THIS VIRUS?? I HAVE LOTS OF POPUP ADS THE LAST WEEK ON COMPUTER....LOTS OF ICONS KEEP GETTING ADDED TO DESKTOP..BUT NOW ALL HAS FROZEN EVERY TIME I REBOOT..DUE TO POKAPOKA76.EXE POPS UP AND UNABLE TO DO ANYTHING..AM NOT A COMPUTER PERSON..PLEASE HELP!!!!
  • 0

#15
Trevuren


    Old Dog

  • Retired Staff
  • 18,699 posts
A. Please uninstall Windows Overlay Components through Add/Remove Programs.

B. Reboot your system

C. Post a fresh HJT log


Regards,

Trevuren

Edited by Trevuren, 31 October 2005 - 05:39 PM.

  • 0
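A triage pass over the kind of log posted in #13, as an added example that is not part of the original thread or of HijackThis itself: it parses the `Xn - ...` entry lines and flags entries whose target is reported as missing, plus O23 services listed with "Unknown owner", which is how the Windows Overlay Components entry addressed in post #15 appears. The function names and the two flagging rules are assumptions chosen for illustration; a flagged entry is a lead to review, not a verdict.

```python
import re

# Sample input: five entries copied from the HijackThis log in post #13.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\System32\wuauclt.dll (file missing)
O23 - Service: StarOpen - Webroot Software (www.webroot.com) - (no file)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\pfuqusd.exe (file missing)
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")            # e.g. "O23 - Service: ..."
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")  # target not found on disk
# Assumes neither the service name nor the owner contains " - " (hypothetical simplification).
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

def parse_entries(log_text):
    """Yield (section, body) for each entry line; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log_text):
    """Return the entries worth a closer look, each with the reasons it was flagged."""
    findings = []
    for section, body in parse_entries(log_text):
        reasons = []
        if MISSING_RE.search(body):
            reasons.append("target reported as missing")
        if section == "O23":
            svc = SERVICE_RE.match(body)
            if svc and svc.group("owner") == "Unknown owner":
                reasons.append("service listed with 'Unknown owner'")
        if reasons:
            findings.append({"section": section, "entry": body, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["section"], "|", f["entry"], "|", "; ".join(f["reasons"]))
```

Entries with a missing target are usually leftovers from something already removed, so they point at registry or service records to clean up rather than at a live binary.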





