Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FREEPOD [RESOLVED]


  • This topic is locked This topic is locked

#1
whitesoxrule

whitesoxrule

    Member

  • Member
  • PipPip
  • 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 1:07:58 AM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\eljrzxot.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search101online.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search101online.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search101online.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/no...vilion/e-center
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search101online.com/sp2.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [HPLaptopGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [kpfjndet] C:\WINDOWS\eljrzxot.exe
O4 - HKLM\..\Run: [oztveify] C:\WINDOWS\euktwh.exe
O4 - HKLM\..\Run: [jep] C:\WINDOWS\jep.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [AcceleNet Client Application] C:\Program Files\FamilyOnline\Fastlane\AcceleNetClient.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [sman] C:\DOCUME~2\Owner\LOCALS~1\Temp\app159.tmp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [freestyle] lockx.exe
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\RunServices: [freestyle] lockx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [freestyle] lockx.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-58-12-0000166.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: TFTP3184
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\FamilyOnline\Fastlane\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/p...t/msnchat41.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/...onpm1,0,2,3.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.co...etup1.0.0.7.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
  • 0

Advertisements


#2
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hello and welcome to GeeksToGo! My name is Kat, and I will be helping you get your computer fixed back up and on the go! You should either print these instructions, or save them to a Notepad file on your desktop. Part of the fix may require you to be in Safe Mode, and you will be unable to access the internet at that time!

1. Please download LQfix.exe from one of the following locations:
  • http://www.downloads.subratam.org/LQfix.exe
    http://miekiemoes.geekstogo.com/tools/LQfix.exe

  • Save it to your New Folder you created for HijackThis
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • You need an active Internet Connection, so make sure your you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
2. You have a CoolWebSearch infection.

Download CWShredder Here into your New Folder on your C: drive.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

3.DownloadAimFix into your New Folder. Double click the AimFix.exe and allow it to run.

4. Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Reboot into SAFE MODE . Do this by repeatedly tapping the F8 key as the computer begins to boot up. You will be taken to a screen where you can use your keyboard "arrow" keys to move the cursor and highlight "Safe Mode", then click the "enter" button.
  • Once in Safe Mode, you are going to run Ewido as follows. It is VERY IMPORTANT that you do not "multi task" while Ewido runs. Please do not open/run ANYTHING else during the scan...this includes all files, programs, folders, games, etc. ONLY have Ewido running.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

5. Please reply to this thread by clicking the Add REply button. Please paste me a copy of the report from Ewido, along with a new HijackThis log.
  • 0

#3
whitesoxrule

whitesoxrule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
heres my ewindo report its gunna be on 2 post becuz my comp is being dum.. it says its not over limit..


ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:43:19 AM, 10/27/2005
+ Report-Checksum: 51916315

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE\\AppID -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{05774849-67D2-492C-AB96-E6AF16452632}\TypeLib\\ -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{23C0C96E-71AC-4040-92C2-551AE5139A70}\TypeLib\\ -> Spyware.MediaMotor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654581-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654581-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654582-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654582-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654583-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654583-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654584-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654584-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654585-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{83654585-4333-11D5-B0DF-0050DAC24E8F}\TypeLib\\ -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{83654580-4333-11D5-B0DF-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\iWon -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\iWon\iWonSlots -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70522FA2-4656-11D5-B0E9-0050DAC24E8F} -> Spyware.iWon : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79B96C72-C0D0-4DC8-BC7E-9F314A918228} -> Spyware.MyWay : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/AdStatServX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm63.ocx\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/mm63.ocx\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/roing17.ocx\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/roing17.ocx\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/ObjSafe.tlb\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\skin -> Spyware.Delfin : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKU\S-1-5-21-776746741-4282951562-813958858-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-776746741-4282951562-813958858-1003\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-776746741-4282951562-813958858-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-776746741-4282951562-813958858-1003\Software\Classes\CLSID\\ -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-776746741-4282951562-813958858-1003_Classes\CLSID\\ -> Spyware.AproposMedia : Error during cleaning
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Error during cleaning
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.223:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.224:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.342:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.390:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.391:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.408:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.451:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.452:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.453:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.478:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.479:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.480:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.481:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.482:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.483:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.497:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.548:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.549:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.564:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.568:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.583:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.610:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.618:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.619:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.620:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.621:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.646:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.680:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.681:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.693:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.694:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.695:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.696:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.705:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.706:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.707:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ry8r0rnb.dlucas\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Findwhat : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\yyvyd4vi.default\cookies.txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@as1.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cc.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ugl.adtrak[2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.directnetadvertising[1].txt -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkokodpskogsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Owner\Desktop\ZangoInstaller.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\Owner\Desktop\ZangoInstaller.exe/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\1180234_3740_504_3460_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\132090_732_504_3968_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\1376534_3804_2980_1984_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\1376578_3072_3008_3440_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\197262_744_2496_764_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\2097330_3844_1220_3084_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\262474_1836_504_3912_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\2752714_4012_2496_2920_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\2752988_2536_4048_3452_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\2818250_4012_2496_2544_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\3014988_4012_2496_120_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\328244_4012_2496_2144_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\328332_3560_144_2632_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\3343196_3804_2980_3328_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\459388_4012_2496_1552_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\589982_2532_492_3884_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\655618_2820_2916_3596_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\66316_3560_144_3212_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\787300_3580_2496_1796_76.41.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_3040.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_54AE.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_6DC9.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_6FCF.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_8F3B.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_9728.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_A440.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_A878.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_B469.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_C1C4.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_CFF2.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_E177.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_E560.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_EDE6.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\k_FCB0.tmp -> Trojan.EliteBar.a : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\res285.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\res2F4.tmp/clientax.dll -> Spyware.180Solutions : Error during cleaning

Edited by whitesoxrule, 27 October 2005 - 09:06 AM.

  • 0

#4
whitesoxrule

whitesoxrule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
C:\Documents and Settings\Owner\Local Settings\Temp\res2F4.tmp/clientax.dll -> Spyware.180Solutions : Error during cleaning
C:\Downloads\Monopoly3-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\Program Files\AdStatus Service\AdStatComm.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107498.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107602.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107614.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107615.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107616.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107616.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107616.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107616.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107616.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107616.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107616.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP334\A0107617.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0107634.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0107654.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108652.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108654.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108655.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108656.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108656.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108656.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108656.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108656.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108656.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP336\A0108656.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108665.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108744.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108774.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108775.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108776.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108777.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108777.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108777.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108777.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108777.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108777.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0108777.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109774.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109775.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109776.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109776.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109776.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109776.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109776.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109776.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109776.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109780.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109792.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP337\A0109807.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110805.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110827.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110832.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110833.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110835.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110835.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110835.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110835.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110835.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110835.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110835.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110902.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110920.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110921.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110922.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110923.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110925.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110925.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110925.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110925.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110925.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110925.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110925.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP338\A0110936.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110937.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110939.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110940.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110941.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110941.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110941.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110941.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110941.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110941.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0110941.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111919.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111921.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111922.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111923.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111923.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111923.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111923.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111923.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111923.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP339\A0111923.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111950.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111979.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111980.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111981.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111981.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111981.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111981.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111981.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111981.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP340\A0111981.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0112916.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113915.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113916.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113917.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113918.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113918.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113918.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113918.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113918.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113918.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113918.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113924.exe -> Spyware.AdTools : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113925.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113938.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113953.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113954.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113955.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113955.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113955.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113955.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113955.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113955.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP341\A0113955.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113970.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113972.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113973.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113974.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113974.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113974.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113974.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113974.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113974.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0113974.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114939.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114940.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114941.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114941.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114941.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114941.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114941.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114941.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114941.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP342\A0114944.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114962.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114963.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114964.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114966.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114966.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114966.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114966.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114966.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114966.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114966.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114974.exe -> Spyware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114975.exe -> Spyware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP343\A0114978.exe -> Spyware.WebRebates : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115002.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115003.dll -> Spyware.WurldMedia : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115004.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115006.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115007.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115008.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115009.exe -> TrojanDownloader.Apropo.g : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115011.exe -> TrojanDownloader.Agent.ro : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115013.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115014.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115017.exe -> TrojanDownloader.Apropo.ag : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115019.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115020.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115021.exe -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115947.dll -> TrojanDownloader.Apropo.ag : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0115964.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0116008.exe/ZangoLib.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0116008.exe/ZangoLib.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0116009.exe/ZangoLib.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP344\A0116009.exe/ZangoLib.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP359\A0119866.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP359\A0119867.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0120977.exe -> Trojan.EliteBar.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0120978.exe -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0120988.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0120991.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0121011.exe -> Trojan.EliteBar.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0121982.dll -> Trojan.EliteBar.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0121987.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0121991.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0121999.exe -> Trojan.EliteBar.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0122982.dll -> Trojan.EliteBar.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0122988.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0122990.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0122996.exe -> Trojan.EliteBar.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123002.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123003.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123005.exe -> Spyware.BiSpy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123006.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123007.dll -> Spyware.eUniverse : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123008.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123009.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123010.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123011.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123012.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123013.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123014.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123015.vxd/C:/WINDOWS/system32/exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123015.vxd/C:/WINDOWS/system32/mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123015.vxd/C:/WINDOWS/system32/exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123015.vxd/C:/WINDOWS/system32/javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123015.vxd/C:/WINDOWS/system32/bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123015.vxd/C:/WINDOWS/system32/msexreg.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123015.vxd/C:/WINDOWS/system32/instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123016.exe -> Spyware.BargainBuddy.l : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123018.dll -> TrojanDownloader.Dyfuca.dt : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123019.ocx -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123020.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123021.exe -> Spyware.Winpup32 : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123023.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123024.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123025.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123026.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123027.exe -> Trojan.Agent.cp : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123028.exe -> TrojanDownloader.Agent.ae : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123029.exe -> Trojan.Secondthought.H : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123031.dll -> Trojan.EliteBar.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123032.dll -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123037.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123039.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0123052.exe -> Trojan.EliteBar.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0124031.dll -> Trojan.EliteBar.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0124037.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0125035.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0125036.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0125039.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126035.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126036.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126039.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126048.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126050.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126052.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126070.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126071.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126074.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126126.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126127.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP360\A0126130.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0127240.bat -> Trojan.KillProc.a : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130418.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130418.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130422.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130423.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130424.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130425.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130429.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130430.dll -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130471.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130481.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130490.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130500.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP362\A0130503.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP364\A0134166.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP364\A0134167.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP364\A0134308.exe -> Trojan.EliteBar.g : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP366\A0141091.exe -> Trojan.EliteBar.g : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP366\A0141108.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP366\A0141109.sys -> Trojan.Rootkit.h : Cleaned with backup
C:\System Volume Information\_restore{FE9C7AD2-91D5-4C9C-9C3A-1D5559EA1B8F}\RP366\A0141113.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\temp\ZCWEDowST3.exe -> TrojanDropper.Agent.rs : Cleaned with backup
C:\WINDOWS\mm15201518.Stub.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\nsdgcljug.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.ak : Cleaned with backup
C:\WINDOWS\pzexsnj.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\gb8m97qc.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\lsp(2)(3).dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\randreco.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\tt_reco.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Temp\Altnet -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm.exe -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm25.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm4.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdata.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\admprog.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\atl.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dmfiles.cab -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\DMinfo3.cab -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\dminstall3.cab -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\msvcirt.dll -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\mysearch.cab -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmexe.cab -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pmfiles.cab -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\pminstall.cab -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.cab -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Cleaned with backup
C:\WINDOWS\twaintec(3).dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\webhdll(2)(2)(2).dll -> Spyware.WebHancer : Cleaned with backup


::Report End
  • 0

#5
whitesoxrule

whitesoxrule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
no JHiJackThis log..

Logfile of HijackThis v1.99.1
Scan saved at 10:11:52 AM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\essspk.exe
C:\Program Files\FamilyOnline\Fastlane\AcceleNetClient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\FamilyOnline\Fastlane\ClientSideProxy.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\New Folder\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search101online.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search101online.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search101online.com/sp2.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/no...vilion/e-center
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search101online.com/sp2.php
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [HPLaptopGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [oztveify] C:\WINDOWS\euktwh.exe
O4 - HKLM\..\Run: [jep] C:\WINDOWS\jep.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [AcceleNet Client Application] C:\Program Files\FamilyOnline\Fastlane\AcceleNetClient.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [sman] C:\DOCUME~2\Owner\LOCALS~1\Temp\app159.tmp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: TFTP3184
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\FamilyOnline\Fastlane\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/p...t/msnchat41.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/...onpm1,0,2,3.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.co...etup1.0.0.7.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
  • 0

#6
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Hello again! Still a lot of nasties left in there. You also have one that none of us have seen before, so I need you to do something very important for me! I need you to submit this file for testing BEFORE you follow my next instructions. First, let's be sure you can view hidden files and folders:
  • Click Start
  • Double click on “My Computer”
  • Select Tools menu, and click on Folder Options..then click the View tab
  • Under Hidden Files and Folders heading, select “Show hidden files and folders”
  • uncheck the “hide protected operating systems files” options.
  • uncheck the “Hide file extensions for known file types” box
  • Click “yes” to confirm, then click “ok”

Now please go to Start>Search>All Files and Folders and enter this file name: TFTP3184 Search entire hard drives. Click the arrow next to "More Advanced Options" and check Search System Folders, Search Hidden files and folders and Search SubFolders. Then perform the search.
When this file is found don't open it. Instead, right click on it and select "send to compressed folder (zip)" that will create a new zipped version of this file in the same location. Now, I need you to submit this! To do so, please attach the compressed file to an email, and send it to the email address I am going to pm you now.

Once that is done, please do the following:

Please download Webroot SpySweeper 2 week free trial.

Click the "Free Trial" link on the right - next to "SpySweeper for Home Computers".
On the next page, click the "Free Trial" button.
Download it and install it.
When you open the program, it will prompt you to update to the latest definitions.
Please do so, then click "Sweep Now"
Then click the "Start" button.
When it's done scanning, click the "Next" button.
Remove everything it finds, then save the log - copy the log and paste it here for me.

After you have done these, please post a new reply here with a copy of the report from SpySweeper. Also, give me a new HijackThis log, and we'll get you finished up!

**IF you have any trouble with any of this..I'll be in chat all day, so you can find me! You know where to look :tazz:
  • 0

#7
whitesoxrule

whitesoxrule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
********
2:52 PM: | Start of Session, Thursday, October 27, 2005 |
2:52 PM: Spy Sweeper started
2:52 PM: Sweep initiated using definitions version 563
2:52 PM: Starting Memory Sweep
3:06 PM: Memory Sweep Complete, Elapsed Time: 00:13:49
3:06 PM: Starting Registry Sweep
3:07 PM: Found Adware: altnet
3:07 PM: HKCR\appid\adm.exe\ (1 subtraces) (ID = 103448)
3:07 PM: HKCR\appid\altnet signing module.exe\ (1 subtraces) (ID = 103449)
3:07 PM: HKLM\software\classes\appid\adm.exe\ (1 subtraces) (ID = 103488)
3:07 PM: HKLM\software\classes\appid\altnet signing module.exe\ (1 subtraces) (ID = 103489)
3:07 PM: Found Adware: delfin
3:07 PM: HKLM\software\skin\ (ID = 124892)
3:07 PM: Found Adware: iwon
3:07 PM: HKCR\interface\{83654581-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129237)
3:07 PM: HKCR\interface\{83654582-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129238)
3:08 PM: HKCR\interface\{83654583-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129239)
3:08 PM: HKCR\interface\{83654584-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129240)
3:08 PM: HKCR\interface\{83654585-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129241)
3:08 PM: HKLM\software\classes\interface\{83654581-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129275)
3:08 PM: HKLM\software\classes\interface\{83654582-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129276)
3:08 PM: HKLM\software\classes\interface\{83654583-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129277)
3:08 PM: HKLM\software\classes\interface\{83654584-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129278)
3:08 PM: HKLM\software\classes\interface\{83654585-4333-11d5-b0df-0050dac24e8f}\ (8 subtraces) (ID = 129279)
3:08 PM: HKLM\software\classes\typelib\{83654580-4333-11d5-b0df-0050dac24e8f}\ (9 subtraces) (ID = 129296)
3:08 PM: HKLM\software\iwon\ (3 subtraces) (ID = 129298)
3:08 PM: HKCR\typelib\{83654580-4333-11d5-b0df-0050dac24e8f}\ (9 subtraces) (ID = 129319)
3:08 PM: Found Adware: keenvalue/perfectnav
3:08 PM: HKLM\software\perfectnav\ (1 subtraces) (ID = 129516)
3:08 PM: Found Adware: media-motor
3:08 PM: HKLM\software\microsoft\windows\currentversion\uninstall\roings\ (2 subtraces) (ID = 140210)
3:08 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
3:08 PM: HKLM\software\ssprint\ (1 subtraces) (ID = 140214)
3:08 PM: Found Adware: abetterinternet
3:08 PM: HKLM\software\sdf7sdfgs324\ (ID = 146129)
3:08 PM: Found Adware: wurldmedia
3:08 PM: HKLM\software\microsoft\windows\currentversion\uninstall\shopping community\ (3 subtraces) (ID = 147612)
3:08 PM: Found Adware: winad
3:08 PM: HKCR\appid\mediagateway.exe\ (1 subtraces) (ID = 359541)
3:08 PM: HKCR\mediagateway.installer\ (5 subtraces) (ID = 359542)
3:08 PM: HKLM\software\classes\appid\mediagateway.exe\ (1 subtraces) (ID = 359543)
3:08 PM: HKLM\software\classes\mediagateway.installer\ (5 subtraces) (ID = 359544)
3:08 PM: HKLM\software\media gateway\ (8 subtraces) (ID = 359545)
3:08 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media gateway\ (2 subtraces) (ID = 359547)
3:08 PM: HKLM\software\microsoft\windows\currentversion\uninstall\bsto-1\ (7 subtraces) (ID = 746835)
3:08 PM: Found Adware: ebates money maker
3:08 PM: HKU\S-1-5-21-776746741-4282951562-813958858-1003\software\microsoft\internet explorer\extensions\cmdmapping\ || {6685509e-b47b-4f47-8e16-9a5f3a62f683} (ID = 125587)
3:08 PM: Found Adware: webrebates
3:08 PM: HKU\S-1-5-21-776746741-4282951562-813958858-1003\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (5 subtraces) (ID = 125589)
3:08 PM: HKU\S-1-5-21-776746741-4282951562-813958858-1003\software\microsoft\internet explorer\extensions\{6685509e-b47b-4f47-8e16-9a5f3a62f683}\ (5 subtraces) (ID = 125589)
3:09 PM: Found Adware: maxifiles
3:09 PM: HKU\S-1-5-21-776746741-4282951562-813958858-1003\software\xbtb07618\ (1 subtraces) (ID = 134858)
3:09 PM: Found Adware: search101online.com hijack
3:09 PM: HKU\S-1-5-21-776746741-4282951562-813958858-1003\software\microsoft\internet explorer\ || searchurl (ID = 777494)
3:09 PM: HKU\S-1-5-21-776746741-4282951562-813958858-1003\software\microsoft\internet explorer\main\ || search bar (ID = 777495)
3:09 PM: HKU\S-1-5-21-776746741-4282951562-813958858-1003\software\microsoft\internet explorer\main\ || search page (ID = 777496)
3:09 PM: HKU\S-1-5-21-776746741-4282951562-813958858-1003\software\microsoft\internet explorer\search\ || searchassistant (ID = 777497)
3:09 PM: Registry Sweep Complete, Elapsed Time:00:02:52
3:09 PM: Starting Cookie Sweep
3:09 PM: Found Spy Cookie: sandboxer cookie
3:09 PM: owner@0[2].txt (ID = 3282)
3:09 PM: owner@0[3].txt (ID = 3282)
3:09 PM: owner@0[4].txt (ID = 3282)
3:09 PM: owner@0[5].txt (ID = 3282)
3:09 PM: Found Spy Cookie: primaryads cookie
3:09 PM: owner@1.primaryads[2].txt (ID = 3190)
3:09 PM: Found Spy Cookie: 2o7.net cookie
3:09 PM: owner@2o7[1].txt (ID = 1957)
3:09 PM: owner@2o7[2].txt (ID = 1957)
3:09 PM: Found Spy Cookie: 3 cookie
3:09 PM: owner@3[1].txt (ID = 1959)
3:09 PM: Found Spy Cookie: 498 cookie
3:09 PM: owner@498[1].txt (ID = 1975)
3:09 PM: Found Spy Cookie: 64.62.232 cookie
3:09 PM: owner@64.62.232[1].txt (ID = 1987)
3:09 PM: owner@64.62.232[2].txt (ID = 1987)
3:09 PM: owner@64.62.232[3].txt (ID = 1987)
3:09 PM: owner@64.62.232[4].txt (ID = 1987)
3:09 PM: owner@64.62.232[5].txt (ID = 1987)
3:09 PM: Found Spy Cookie: 888 cookie
3:09 PM: owner@888[3].txt (ID = 2019)
3:09 PM: Found Spy Cookie: abcsearch cookie
3:09 PM: owner@abcsearch[1].txt (ID = 2033)
3:09 PM: Found Spy Cookie: about cookie
3:09 PM: owner@about[1].txt (ID = 2037)
3:09 PM: Found Spy Cookie: accoona cookie
3:09 PM: owner@accoona[2].txt (ID = 2041)
3:09 PM: Found Spy Cookie: adlegend cookie
3:09 PM: owner@adlegend[2].txt (ID = 2074)
3:09 PM: Found Spy Cookie: hbmediapro cookie
3:09 PM: owner@adopt.hbmediapro[1].txt (ID = 2768)
3:09 PM: Found Spy Cookie: precisead cookie
3:09 PM: owner@adopt.precisead[2].txt (ID = 3182)
3:09 PM: Found Spy Cookie: adrevolver cookie
3:09 PM: owner@adrevolver[2].txt (ID = 2088)
3:09 PM: owner@adrevolver[4].txt (ID = 2088)
3:09 PM: Found Spy Cookie: alt cookie
3:09 PM: owner@alt[2].txt (ID = 2217)
3:09 PM: Found Spy Cookie: apmebf cookie
3:09 PM: owner@apmebf[1].txt (ID = 2229)
3:09 PM: Found Spy Cookie: zango cookie
3:09 PM: owner@app.zango[1].txt (ID = 3761)
3:09 PM: Found Spy Cookie: aptimus cookie
3:09 PM: owner@aptimus[2].txt (ID = 2233)
3:09 PM: Found Spy Cookie: ask cookie
3:09 PM: owner@ask[2].txt (ID = 2245)
3:09 PM: Found Spy Cookie: atwola cookie
3:09 PM: owner@atwola[1].txt (ID = 2255)
3:09 PM: Found Spy Cookie: azjmp cookie
3:09 PM: owner@azjmp[2].txt (ID = 2270)
3:09 PM: Found Spy Cookie: a cookie
3:09 PM: owner@a[1].txt (ID = 2027)
3:09 PM: Found Spy Cookie: banners cookie
3:09 PM: owner@banners[2].txt (ID = 2282)
3:09 PM: Found Spy Cookie: banner cookie
3:09 PM: owner@banner[2].txt (ID = 2276)
3:09 PM: Found Spy Cookie: belnk cookie
3:09 PM: owner@belnk[1].txt (ID = 2292)
3:09 PM: Found Spy Cookie: bravenet cookie
3:09 PM: owner@bravenet[1].txt (ID = 2322)
3:09 PM: Found Spy Cookie: btgrab cookie
3:09 PM: owner@btg.btgrab[2].txt (ID = 2333)
3:09 PM: owner@businessmajors.about[1].txt (ID = 2038)
3:09 PM: Found Spy Cookie: enhance cookie
3:09 PM: owner@c.enhance[1].txt (ID = 2614)
3:09 PM: Found Spy Cookie: callwave cookie
3:09 PM: owner@callwave[1].txt (ID = 2342)
3:09 PM: Found Spy Cookie: ccbill cookie
3:09 PM: owner@ccbill[1].txt (ID = 2369)
3:09 PM: Found Spy Cookie: ugo cookie
3:09 PM: owner@cheats.ugo[1].txt (ID = 3609)
3:09 PM: owner@compactiongames.about[2].txt (ID = 2038)
3:09 PM: owner@compsimgames.about[1].txt (ID = 2038)
3:09 PM: Found Spy Cookie: tickle cookie
3:09 PM: owner@cookie.tickle[1].txt (ID = 3530)
3:09 PM: owner@couponing.about[2].txt (ID = 2038)
3:09 PM: Found Spy Cookie: dealtime cookie
3:09 PM: owner@dealtime[2].txt (ID = 2505)
3:09 PM: Found Spy Cookie: go.com cookie
3:09 PM: owner@disney.go[2].txt (ID = 2729)
3:09 PM: owner@dist.belnk[2].txt (ID = 2293)
3:09 PM: Found Spy Cookie: empnads cookie
3:09 PM: owner@empnads[2].txt (ID = 5012)
3:09 PM: owner@espn.go[2].txt (ID = 2729)
3:09 PM: owner@espnradio.espn.go[1].txt (ID = 2729)
3:09 PM: Found Spy Cookie: experclick cookie
3:09 PM: owner@experclick[1].txt (ID = 2639)
3:09 PM: owner@experts.about[1].txt (ID = 2038)
3:09 PM: owner@games.zango[1].txt (ID = 3761)
3:09 PM: Found Spy Cookie: go2net.com cookie
3:09 PM: owner@go2net[1].txt (ID = 2730)
3:09 PM: Found Spy Cookie: directtrack cookie
3:09 PM: owner@gozing.directtrack[1].txt (ID = 2528)
3:09 PM: owner@go[2].txt (ID = 2728)
3:09 PM: Found Spy Cookie: megago cookie
3:09 PM: owner@hardys.freeservers[2].txt (ID = 2983)
3:09 PM: Found Spy Cookie: herfirstanalsex cookie
3:09 PM: owner@herfirstanalsex[1].txt (ID = 2769)
3:09 PM: Found Spy Cookie: clickandtrack cookie
3:09 PM: owner@hits.clickandtrack[2].txt (ID = 2397)
3:09 PM: owner@homecooking.about[2].txt (ID = 2038)
3:09 PM: Found Spy Cookie: hotmatch cookie
3:09 PM: owner@hotmatch[2].txt (ID = 3854)
3:09 PM: Found Spy Cookie: ic-live cookie
3:09 PM: owner@ic-live[1].txt (ID = 2821)
3:09 PM: owner@imp.infinity.zango[1].txt (ID = 3761)
3:09 PM: owner@keycode.directtrack[1].txt (ID = 2528)
3:09 PM: Found Spy Cookie: kinghost cookie
3:09 PM: owner@kinghost[2].txt (ID = 2903)
3:09 PM: Found Spy Cookie: kount cookie
3:09 PM: owner@kount[1].txt (ID = 2911)
3:09 PM: Found Spy Cookie: l2m.net cookie
3:09 PM: owner@l2m[1].txt (ID = 2913)
3:09 PM: owner@lp.zango[2].txt (ID = 3761)
3:09 PM: Found Spy Cookie: maxserving cookie
3:09 PM: owner@maxserving[1].txt (ID = 2966)
3:09 PM: owner@mediamgr.ugo[2].txt (ID = 3609)
3:09 PM: owner@messenger.zango[1].txt (ID = 3761)
3:09 PM: Found Spy Cookie: metareward.com cookie
3:09 PM: owner@metareward[1].txt (ID = 2990)
3:09 PM: Found Spy Cookie: mygeek cookie
3:09 PM: owner@mygeek[1].txt (ID = 3041)
3:09 PM: Found Spy Cookie: mywebsearch cookie
3:09 PM: owner@mywebsearch[1].txt (ID = 3051)
3:09 PM: Found Spy Cookie: nextag cookie
3:09 PM: owner@nextag[1].txt (ID = 5014)
3:09 PM: Found Spy Cookie: offeroptimizer cookie
3:09 PM: owner@offeroptimizer[1].txt (ID = 3087)
3:09 PM: owner@offeroptimizer[2].txt (ID = 3087)
3:09 PM: owner@offeroptimizer[3].txt (ID = 3087)
3:09 PM: owner@offersquest.directtrack[2].txt (ID = 2528)
3:09 PM: Found Spy Cookie: partnerweekly cookie
3:09 PM: owner@partnerweekly[2].txt (ID = 3109)
3:09 PM: Found Spy Cookie: touchclarity cookie
3:09 PM: owner@partypoker.touchclarity[1].txt (ID = 3567)
3:09 PM: Found Spy Cookie: partypoker cookie
3:09 PM: owner@partypoker[2].txt (ID = 3111)
3:09 PM: owner@pediatrics.about[2].txt (ID = 2038)
3:09 PM: owner@proxy.espn.go[2].txt (ID = 2729)
3:09 PM: Found Spy Cookie: pub cookie
3:09 PM: owner@pub[2].txt (ID = 3205)
3:09 PM: Found Spy Cookie: qsrch cookie
3:09 PM: owner@qsrch[1].txt (ID = 3215)
3:09 PM: owner@rapidresponse.directtrack[2].txt (ID = 2528)
3:09 PM: Found Spy Cookie: rednova cookie
3:09 PM: owner@rednova[1].txt (ID = 3245)
3:09 PM: Found Spy Cookie: rightmedia cookie
3:09 PM: owner@rightmedia[1].txt (ID = 3259)
3:09 PM: Found Spy Cookie: rn11 cookie
3:09 PM: owner@rn11[1].txt (ID = 3261)
3:09 PM: owner@rn11[2].txt (ID = 3261)
3:09 PM: owner@rsi.espn.go[1].txt (ID = 2729)
3:09 PM: Found Spy Cookie: servlet cookie
3:09 PM: owner@servlet[2].txt (ID = 3345)
3:09 PM: owner@shared.zango[1].txt (ID = 3761)
3:09 PM: owner@singleparents.about[2].txt (ID = 2038)
3:09 PM: owner@sports-att.espn.go[2].txt (ID = 2729)
3:09 PM: owner@sports.espn.go[1].txt (ID = 2729)
3:09 PM: Found Spy Cookie: stamps.com cookie
3:09 PM: owner@stamps[1].txt (ID = 3437)
3:09 PM: Found Spy Cookie: starware.com cookie
3:09 PM: owner@starware[2].txt (ID = 3441)
3:09 PM: owner@stat.dealtime[1].txt (ID = 2506)
3:09 PM: Found Spy Cookie: statstracking cookie
3:09 PM: owner@stats-tracking[2].txt (ID = 3453)
3:09 PM: Found Spy Cookie: clicktracks cookie
3:09 PM: owner@stats1.clicktracks[2].txt (ID = 2407)
3:09 PM: Found Spy Cookie: reliablestats cookie
3:09 PM: owner@stats1.reliablestats[2].txt (ID = 3254)
3:09 PM: owner@stats2.clicktracks[1].txt (ID = 2407)
3:09 PM: Found Spy Cookie: teensforcash cookie
3:09 PM: owner@teensforcash[2].txt (ID = 3509)
3:09 PM: owner@tickle[1].txt (ID = 3529)
3:09 PM: Found Spy Cookie: toplist cookie
3:09 PM: owner@toplist[1].txt (ID = 3557)
3:09 PM: owner@toplist[3].txt (ID = 3557)
3:09 PM: Found Spy Cookie: sexsearch cookie
3:09 PM: owner@tour.splash.sexsearch[1].txt (ID = 3358)
3:09 PM: Found Spy Cookie: tracking cookie
3:09 PM: owner@tracking[1].txt (ID = 3571)
3:09 PM: Found Spy Cookie: tripod cookie
3:09 PM: owner@tripod[1].txt (ID = 3591)
3:09 PM: owner@vgstrategies.about[1].txt (ID = 2038)
3:09 PM: Found Spy Cookie: videodome cookie
3:09 PM: owner@videodome[1].txt (ID = 3638)
3:09 PM: owner@videodome[3].txt (ID = 3638)
3:09 PM: owner@www.accoona[1].txt (ID = 2042)
3:09 PM: Found Spy Cookie: adshooter cookie
3:09 PM: owner@www.adshooter[1].txt (ID = 2150)
3:09 PM: Found Spy Cookie: brazilwelcomesyou cookie
3:09 PM: owner@www.brazilwelcomesyou[1].txt (ID = 2325)
3:09 PM: Found Spy Cookie: contextuads cookie
3:09 PM: owner@www.contextuads[1].txt (ID = 2462)
3:09 PM: Found Spy Cookie: eadexchange cookie
3:09 PM: owner@www.eadexchange[2].txt (ID = 2556)
3:09 PM: owner@www.herfirstanalsex[2].txt (ID = 2770)
3:09 PM: owner@www.metareward[2].txt (ID = 2991)
3:09 PM: Found Spy Cookie: popuppers cookie
3:09 PM: owner@www.popuppers[2].txt (ID = 3158)
3:09 PM: owner@www.rednova[1].txt (ID = 3246)
3:09 PM: Found Spy Cookie: screensavers.com cookie
3:09 PM: owner@www.screensavers[1].txt (ID = 3298)
3:09 PM: Found Spy Cookie: stopzilla cookie
3:09 PM: owner@www.stopzilla[1].txt (ID = 3466)
3:09 PM: Found Spy Cookie: teenax cookie
3:09 PM: owner@www.teenax[1].txt (ID = 3504)
3:09 PM: Found Spy Cookie: winantiviruspro cookie
3:09 PM: owner@www.winantiviruspro[2].txt (ID = 3690)
3:09 PM: Found Spy Cookie: xxx69 cookie
3:09 PM: owner@www.xxx69[1].txt (ID = 3732)
3:09 PM: owner@www.zango[1].txt (ID = 3761)
3:09 PM: Found Spy Cookie: yesadvertising cookie
3:09 PM: owner@www5.yesadvertising[1].txt (ID = 3745)
3:09 PM: owner@www9.dealtime[1].txt (ID = 2506)
3:09 PM: Found Spy Cookie: xmatch cookie
3:09 PM: owner@xmatch[1].txt (ID = 3719)
3:09 PM: Found Spy Cookie: xxxdate cookie
3:09 PM: owner@xxxdate[1].txt (ID = 3735)
3:09 PM: owner@zango[2].txt (ID = 3760)
3:09 PM: Found Spy Cookie: zedo cookie
3:09 PM: owner@zedo[2].txt (ID = 3762)
3:09 PM: Cookie Sweep Complete, Elapsed Time: 00:00:31
3:10 PM: Starting File Sweep
3:10 PM: c:\program files\perfectnav (1 subtraces) (ID = -2147480782)
3:10 PM: Found Adware: bullguard popup ad
3:10 PM: c:\windows\temp\bullguard (1 subtraces) (ID = -2147476409)
3:10 PM: c:\program files\iwon (4 subtraces) (ID = -2147480793)
3:10 PM: c:\program files\media gateway (1 subtraces) (ID = -2147477127)
3:10 PM: Found Adware: webhancer
3:10 PM: c:\program files\whinstall (2 subtraces) (ID = -2147480064)
3:10 PM: c:\documents and settings\all users\application data\vidctrl (1 subtraces) (ID = -2147477475)
3:10 PM: c:\documents and settings\owner\local settings\temp\vmstmp (ID = -2147481126)
3:10 PM: Found Adware: imgiant
3:10 PM: c:\program files\imgiant (2 subtraces) (ID = -2147480841)
3:10 PM: mm63.inf (ID = 74056)
3:10 PM: Found Adware: 180search assistant/zango
3:10 PM: salm_gdf.dat (ID = 93789)
3:11 PM: Found Adware: cydoor peer-to-peer dependency
3:11 PM: cd_clint.dll (ID = 57300)
3:12 PM: 180287.mht (ID = 148810)
3:12 PM: readme.txt (ID = 83804)
3:14 PM: license.txt (ID = 83802)
3:18 PM: downloader.exe (ID = 164938)
3:19 PM: launcher[1].exe (ID = 156269)
3:20 PM: Found Adware: ezsearchbar
3:20 PM: name_gender.ini (ID = 60351)
3:23 PM: Found Adware: twain-tech
3:23 PM: set8.tmp (ID = 81886)
3:23 PM: Found Trojan Horse: trojan downloader matcash
3:23 PM: mc-58-12-0000166[1].exe (ID = 162542)
3:24 PM: Found Adware: elitebar
3:24 PM: kw[1].exe (ID = 166307)
3:25 PM: bulldownload.exe (ID = 52017)
3:26 PM: Found Adware: exact cashback/bargain buddy
3:26 PM: bargains.exe (ID = 50547)
3:26 PM: Found Adware: nvdialer
3:26 PM: games.exe (ID = 137596)
3:27 PM: Found Adware: apropos
3:27 PM: wingenerics.dll (ID = 50187)
3:27 PM: autoit3.exe (ID = 119348)
3:27 PM: bidulator.exe (ID = 115242)
3:27 PM: mc-62-602-0000156.exe (ID = 162542)
3:27 PM: mc-62-602-0000156.exe (ID = 162542)
3:28 PM: mc-62-602-0000156.exe (ID = 156269)
3:28 PM: npclntax.dll (ID = 146239)
3:28 PM: Found System Monitor: golden eye
3:28 PM: unins000.exe (ID = 181198)
3:28 PM: Found Adware: gain-supported software
3:28 PM: gain publishing web site.url (ID = 61372)
3:28 PM: gain publishing web site.url (ID = 61372)
3:28 PM: npclntax.xpt (ID = 146238)
3:28 PM: polmx.inf (ID = 81856)
3:28 PM: twtini.inf (ID = 81896)
3:28 PM: poltt.inf (ID = 83432)
3:28 PM: addr_var.ini (ID = 60329)
3:28 PM: birth_var.ini (ID = 60332)
3:28 PM: city_var.ini (ID = 60333)
3:28 PM: name_var.ini (ID = 60352)
3:28 PM: states.ini (ID = 60360)
3:28 PM: zip_var.ini (ID = 60362)
3:28 PM: phone_var.ini (ID = 60353)
3:28 PM: alchem.inf (ID = 83109)
3:28 PM: my games.lnk (ID = 137596)
3:28 PM: File Sweep Complete, Elapsed Time: 00:18:46
3:28 PM: Full Sweep has completed. Elapsed time 00:36:36
3:28 PM: Traces Found: 386
3:29 PM: Removal process initiated
3:29 PM: Quarantining All Traces: abetterinternet
3:29 PM: Quarantining All Traces: elitebar
3:29 PM: Quarantining All Traces: golden eye
3:30 PM: Quarantining All Traces: trojan downloader matcash
3:30 PM: Quarantining All Traces: 180search assistant/zango
3:30 PM: Quarantining All Traces: altnet
3:30 PM: Quarantining All Traces: apropos
3:30 PM: apropos is in use. It will be removed on reboot.
3:30 PM: wingenerics.dll is in use. It will be removed on reboot.
3:30 PM: Quarantining All Traces: bullguard popup ad
3:30 PM: Quarantining All Traces: delfin
3:30 PM: Quarantining All Traces: ebates money maker
3:30 PM: Quarantining All Traces: exact cashback/bargain buddy
3:30 PM: Quarantining All Traces: ezsearchbar
3:30 PM: Quarantining All Traces: gain-supported software
3:30 PM: Quarantining All Traces: imgiant
3:30 PM: Quarantining All Traces: iwon
3:30 PM: Quarantining All Traces: keenvalue/perfectnav
3:30 PM: Quarantining All Traces: maxifiles
3:30 PM: Quarantining All Traces: media-motor
3:30 PM: Quarantining All Traces: nvdialer
3:30 PM: Quarantining All Traces: search101online.com hijack
3:30 PM: Quarantining All Traces: twain-tech
3:30 PM: Quarantining All Traces: webhancer
3:31 PM: Quarantining All Traces: webrebates
3:31 PM: Quarantining All Traces: winad
3:31 PM: Quarantining All Traces: wurldmedia
3:31 PM: Quarantining All Traces: 2o7.net cookie
3:31 PM: Quarantining All Traces: 3 cookie
3:31 PM: Quarantining All Traces: 498 cookie
3:31 PM: Quarantining All Traces: 64.62.232 cookie
3:31 PM: Quarantining All Traces: 888 cookie
3:31 PM: Quarantining All Traces: a cookie
3:31 PM: Quarantining All Traces: abcsearch cookie
3:31 PM: Quarantining All Traces: about cookie
3:31 PM: Quarantining All Traces: accoona cookie
3:31 PM: Quarantining All Traces: adlegend cookie
3:31 PM: Quarantining All Traces: adrevolver cookie
3:31 PM: Quarantining All Traces: adshooter cookie
3:31 PM: Quarantining All Traces: alt cookie
3:31 PM: Quarantining All Traces: apmebf cookie
3:31 PM: Quarantining All Traces: aptimus cookie
3:31 PM: Quarantining All Traces: ask cookie
3:31 PM: Quarantining All Traces: atwola cookie
3:31 PM: Quarantining All Traces: azjmp cookie
3:31 PM: Quarantining All Traces: banner cookie
3:31 PM: Quarantining All Traces: banners cookie
3:31 PM: Quarantining All Traces: belnk cookie
3:31 PM: Quarantining All Traces: bravenet cookie
3:31 PM: Quarantining All Traces: brazilwelcomesyou cookie
3:31 PM: Quarantining All Traces: btgrab cookie
3:31 PM: Quarantining All Traces: callwave cookie
3:31 PM: Quarantining All Traces: ccbill cookie
3:31 PM: Quarantining All Traces: clickandtrack cookie
3:31 PM: Quarantining All Traces: clicktracks cookie
3:31 PM: Quarantining All Traces: contextuads cookie
3:31 PM: Quarantining All Traces: dealtime cookie
3:31 PM: Quarantining All Traces: directtrack cookie
3:31 PM: Quarantining All Traces: eadexchange cookie
3:31 PM: Quarantining All Traces: empnads cookie
3:31 PM: Quarantining All Traces: enhance cookie
3:31 PM: Quarantining All Traces: experclick cookie
3:31 PM: Quarantining All Traces: go.com cookie
3:31 PM: Quarantining All Traces: go2net.com cookie
3:31 PM: Quarantining All Traces: hbmediapro cookie
3:31 PM: Quarantining All Traces: herfirstanalsex cookie
3:31 PM: Quarantining All Traces: hotmatch cookie
3:31 PM: Quarantining All Traces: ic-live cookie
3:31 PM: Quarantining All Traces: kinghost cookie
3:31 PM: Quarantining All Traces: kount cookie
3:31 PM: Quarantining All Traces: l2m.net cookie
3:31 PM: Quarantining All Traces: maxserving cookie
3:31 PM: Quarantining All Traces: megago cookie
3:31 PM: Quarantining All Traces: metareward.com cookie
3:31 PM: Quarantining All Traces: mygeek cookie
3:31 PM: Quarantining All Traces: mywebsearch cookie
3:31 PM: Quarantining All Traces: nextag cookie
3:31 PM: Quarantining All Traces: offeroptimizer cookie
3:31 PM: Quarantining All Traces: partnerweekly cookie
3:31 PM: Quarantining All Traces: partypoker cookie
3:31 PM: Quarantining All Traces: popuppers cookie
3:31 PM: Quarantining All Traces: precisead cookie
3:31 PM: Quarantining All Traces: primaryads cookie
3:31 PM: Quarantining All Traces: pub cookie
3:31 PM: Quarantining All Traces: qsrch cookie
3:31 PM: Quarantining All Traces: rednova cookie
3:31 PM: Quarantining All Traces: reliablestats cookie
3:31 PM: Quarantining All Traces: rightmedia cookie
3:31 PM: Quarantining All Traces: rn11 cookie
3:31 PM: Quarantining All Traces: sandboxer cookie
3:31 PM: Quarantining All Traces: screensavers.com cookie
3:31 PM: Quarantining All Traces: servlet cookie
3:31 PM: Quarantining All Traces: sexsearch cookie
3:31 PM: Quarantining All Traces: stamps.com cookie
3:31 PM: Quarantining All Traces: starware.com cookie
3:31 PM: Quarantining All Traces: statstracking cookie
3:31 PM: Quarantining All Traces: stopzilla cookie
3:31 PM: Quarantining All Traces: teenax cookie
3:31 PM: Quarantining All Traces: teensforcash cookie
3:31 PM: Quarantining All Traces: tickle cookie
3:31 PM: Quarantining All Traces: toplist cookie
3:31 PM: Quarantining All Traces: touchclarity cookie
3:31 PM: Quarantining All Traces: tracking cookie
3:31 PM: Quarantining All Traces: tripod cookie
3:31 PM: Quarantining All Traces: ugo cookie
3:31 PM: Quarantining All Traces: videodome cookie
3:31 PM: Quarantining All Traces: winantiviruspro cookie
3:31 PM: Quarantining All Traces: xmatch cookie
3:31 PM: Quarantining All Traces: xxx69 cookie
3:31 PM: Quarantining All Traces: xxxdate cookie
3:31 PM: Quarantining All Traces: yesadvertising cookie
3:31 PM: Quarantining All Traces: zango cookie
3:31 PM: Quarantining All Traces: zedo cookie
3:32 PM: Removal process completed. Elapsed time 00:02:46
********
2:48 PM: | Start of Session, Thursday, October 27, 2005 |
2:48 PM: Spy Sweeper started
2:51 PM: Your spyware definitions have been updated.
2:52 PM: | End of Session, Thursday, October 27, 2005 |
  • 0

#8
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Excellent! Two more things I need please.

First...reboot your computer (if you haven't already done so)

Second... Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

Third...I need a regular HijackThis log as well. Please reply here with the Uninstall List, as well as a new HijackThis log. :tazz: Then we'll work on finishing cleaning that computer up.
  • 0

#9
whitesoxrule

whitesoxrule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
here is ur hijackthis log ill get ur other thing ASAP
Logfile of HijackThis v1.99.1
Scan saved at 3:43:34 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\FamilyOnline\Fastlane\AcceleNetClient.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\HPConfig.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\FamilyOnline\Fastlane\ClientSideProxy.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/no...vilion/e-center
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [HPLaptopGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [oztveify] C:\WINDOWS\euktwh.exe
O4 - HKLM\..\Run: [jep] C:\WINDOWS\jep.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [AcceleNet Client Application] C:\Program Files\FamilyOnline\Fastlane\AcceleNetClient.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [sman] C:\DOCUME~2\Owner\LOCALS~1\Temp\app159.tmp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: TFTP3184
O4 - Global Startup: TFTP3184.zip
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: View Original Image - C:\Program Files\FamilyOnline\Fastlane\getoriginal.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/p...t/msnchat41.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/...onpm1,0,2,3.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.co...etup1.0.0.7.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

Edited by whitesoxrule, 27 October 2005 - 02:49 PM.

  • 0

#10
whitesoxrule

whitesoxrule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
and heres the other thing =)

AcceleNet
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
AOL Instant Messenger
e-DiagTools for Windows
ewido security suite
HijackThis 1.99.1
hp deskjet 920c series (Remove only)
HP Desktop Zoom
HP Display Settings and HP Configuration Interface
HP One-Touch Buttons
HP Presentation Ready
HP RecordNow
HP Wireless LAN
Hpsetup
InterActual Player
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java 2 Runtime Environment, SE v1.4.2_06
Java Web Start
Language pack for Ad-Aware SE
Lernout & Hauspie TruVoice American English TTS Engine
LimeWire PRO 4.8.1
LiveUpdate 1.7 (Symantec Corporation)
LiveUpdate Administration Utility
LQfix 2.1
Medi@Show
MGI PhotoSuite III SE (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Works 6.0
MoodLogic
Mozilla Firefox (1.0.3)
MSN Messenger 7.0
MSXML4 Parser
Musicmatch® Jukebox
MUSICMATCH® Jukebox
Norton Internet Security
Pavilion demo
Photo Match All
S3Display
S3Gamma2
S3Info2
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Spy Sweeper
Spybot - Search & Destroy 1.4
Symantec AntiVirus Client
Symantec AntiVirus Quarantine Console Snap-in
Symantec System Center
Symantec System Center
Synaptics TouchPad
Uninstall ESS Modem
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Media Player
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
  • 0

Advertisements


#11
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
1. Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [oztveify] C:\WINDOWS\euktwh.exe
O4 - HKLM\..\Run: [jep] C:\WINDOWS\jep.exe
O4 - Global Startup: TFTP3184
O4 - Global Startup: TFTP3184.zip

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/...onpm1,0,2,3.cab
O16 - DPF: {79B96C72-C0D0-4DC8-BC7E-9F314A918228} - http://ak.imgfarm.co...etup1.0.0.7.cab

Now close all windows other than HiJackThis, then click Fix Checked.

2. Reboot into safe mode.Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

3. Please delete these files using Windows Explorer(if present):

C:\WINDOWS\euktwh.exe
C:\WINDOWS\jep.exe



4. Reboot normally.

5. Please reply here with a fresh HijackThis log. Also, let me know how things are running now. :tazz:
  • 0

#12
whitesoxrule

whitesoxrule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:40:49 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\HPConfig.exe
C:\WINDOWS\system32\cba\pds.exe
C:\WINDOWS\system32\S3tray2.exe
C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\HPONE-~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\essspk.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\RadioSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\New Folder\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.hp.com/no...vilion/e-center
O4 - HKLM\..\Run: [S3TRAY2] S3tray2.exe
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Display Settings\hpdisply.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CP4HPOT] C:\PROGRA~1\HPONE-~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WorksFUD] c:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] c:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [HPLaptopGamesActiveMenu] C:\Program Files\WildTangent\ActiveMenu\HPLaptop\Games\ActiveMenu.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [AcceleNet Client Application] C:\Program Files\FamilyOnline\Fastlane\AcceleNetClient.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [sman] C:\DOCUME~2\Owner\LOCALS~1\Temp\app159.tmp
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: TFTP3184
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/notebooks/pavilion/e-center
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {29C13B62-B9F7-4CD3-8CEF-0A58A1A99441} - http://fdl.msn.com/p...t/msnchat41.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/p...t/msnchat42.cab
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O17 - HKLM\System\CS1\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O17 - HKLM\System\CS2\Services\Tcpip\..\{07D6F934-159B-4C2F-AD8A-2282128AB252}: NameServer = 66.94.212.81 66.94.212.82
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (file missing)
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Proxy Service (ccPxySvc) - Unknown owner - C:\Program Files\Norton Internet Security\ccPxySvc.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HP Configuration Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\System32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec System Center Discovery Service (NSCTOP) - Symantec Corporation - C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  • 0

#13
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Let's try this again. We're almost there!

Reboot into safe mode. THEN open HijackThis and scan for a log. Place a check next to only the following entry:
O4 - Global Startup: TFTP3184

Click the "Fix Selected" button. Now while still in Safe Mode, go to where you found that file earlier, and DELETE it! Then empty your recycle bin, reboot normally and post me another HijackThis log.

How is everything running now? Are you still having any trouble??
  • 0

#14
whitesoxrule

whitesoxrule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
everything seems to be running fine, a little slow but thats the cost of dial-up =) well lets get this done..
  • 0

#15
whitesoxrule

whitesoxrule

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
hey kat i g2g for now.. i went into safemode but it said the file was in use and therefor couldnt delete it well ill be back tonight i hope ur on... buh bye
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP