
oemji and IST.ISTBar removal? [RESOLVED]


  • This topic is locked

#1
robsandy

I typically run AVG (free edition) and AdAware SE on my computer. Earlier this week, AVG detected a trojan on my computer called Collected 5.L msdirectx.sys. It removed it, but it kept coming back, so I followed the directions at this site for Malware removal and I think it's been successful. I've eliminated most of the problems my computer has been having and now the only thing I can find is adware (oemji and IST.ISTBar). So far, I’ve done the following….

Run the diskcleanup utility and cleared all temporary internet files (and everything else).

Updated and run Adaware SE, CWShredder, and Spybot S&D with the DSO exploit fix. Several problems were found and fixed and then I rebooted and repeated all these scans and nothing more was found.

I’ve looked for suspect anti-spyware programs and found none on my system.

I’ve updated and run AVG and then uninstalled it and updated and run Ewido. AVG found and healed the same Trojan as it did initially and Ewido’s log file is included below (I included both the initial scan’s log file and the latest scan’s log file.) I then rebooted and did all this again from the beginning. After the reboot, none of the above programs have found anything.

I’ve disabled Ewido and installed, updated and run TrojanHunter. It has found and cleaned AdWare IstBar.246 and AdWare.Search.Toolbar.100.

It then rebooted and repeated all the scans from the beginning. Nothing has been found by any of the above programs.

Next, I ran Panda Activescan and it found oemji and IST.ISTBar, but did not remove them.

I then updated to SP1a and rebooted and ran all the above scans again and the only thing found was oemji and IST.ISTBar by Panda Activescan. Nothing else was found by any of the other scanners and nothing was changed or removed.

Next, I installed and ran Hijackthis and the log is included below.

Can you recommend what I should do next to A) remove any other problems before installing XP SP2 or B) protect my computer from future attacks after installing XP SP2? Do I even want to remove oemji and IST.ISTBar? Is there anything else I should remove?

Thank you for your assistance.


Hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 11:42:02 PM, on 10/28/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\twatdog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\exec.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webcourses.bu.....rea/homearea?
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Budget Dialup Web Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [XGIWatchDog] twatdog.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [Compaq Service Drivers] msnt.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130552756984
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Keynote Connector Launcher) - http://xms.keynote.c...torLauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...587/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD0C289A-81BD-4846-9EE3-2037DBE685E4}: NameServer = 64.136.20.121 64.136.28.121
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

First Ewido scan report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:14:52 AM, 10/27/2005
+ Report-Checksum: B4CFD358

+ Scan result:

[1924] C:\WINDOWS\System32\msnt.exe -> Backdoor.SdBot.yx : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.360:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.361:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.362:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.363:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.384:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.400:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.428:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.432:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.433:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.434:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.435:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.436:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.437:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.438:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.440:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.441:C:\Documents and Settings\Sandy.DRAGON\Application Data\Mozilla\Firefox\Profiles\0z2g9y7m.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Sandy.DRAGON\Local Settings\Temporary Internet Files\Content.IE5\IEKAD93H\motor[1].exe -> Trojan.LowZones.cq : Cleaned with backup
C:\Documents and Settings\Sandy.DRAGON\msdirectx.sys -> Trojan.Rootkit.h : Cleaned with backup


::Report End

Last Ewido scan report:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:21:57 PM, 10/28/2005
+ Report-Checksum: A0157C8F

+ Scan result:

No infected objects found.


::Report End

#2
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Hi robsandy,

There is one leftover entry in your log; let's clean it. Ewido got that file. Open HijackThis and click Scan. Put a check next to this:

O4 - HKLM\..\RunServices: [Compaq Service Drivers] msnt.exe

Close all other windows except HijackThis and click Fix Checked. If you receive a message from Teatimer, allow the change.

If Panda is finding them in the registry without specifying a path, there is nothing to worry about; they would be orphaned registry entries. Otherwise, please run Panda again, save the results and post them here along with a new HijackThis log.

Also, you're getting too many spyware cookies. Those are mostly third party cookies and can be blocked:

In Firefox go to Tools > Options > Privacy > Cookies

Click the small triangle next to cookies to expand that tab and put a check next to "for the originating website only". This will prevent third party cookies from being installed on your computer.

In IE go to Tools > Internet Options > Privacy and click on Advanced in the Privacy tab

Now put a check next to "Override automatic cookie handling"

Set first party cookies to Accept and third party cookies to Block

Also put a check next to "Always allow session cookies". OK your way out.

#3
robsandy

    New Member

  • Topic Starter
  • Member
  • 8 posts
OK, I used HijackThis to fix that file and changed the settings in IE and Firefox for the cookies as you suggested, but Panda seems to not want to work for me today. When I try to run the online scan, it returns an invalid character error and refuses to continue. I'm pretty sure that it did just find them in the registry and didn't specify a path though. So, I used Trend Micro's Housecall instead, which wouldn't work 3 days ago, but now works fine. lol Anyway, it didn't find anything. I also updated and reran Adaware, Spybot, CWShredder, Ewido, and Trojan Hunter and they all came up clean too. I'll continue to try to get Panda to work, but in the meantime here's my new HijackThis log (after the changes you suggested). Thanks for your help.

Logfile of HijackThis v1.99.1
Scan saved at 2:42:58 PM, on 11/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\twatdog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webcourses.bu.....rea/homearea?
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Budget Dialup Web Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [XGIWatchDog] twatdog.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130552756984
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Keynote Connector Launcher) - http://xms.keynote.c...torLauncher.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37390.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...587/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

#4
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
I would say you are definitely ready to download SP2. You can get it here:

http://www.microsoft...p2/default.mspx

Please download it and report back on how the download went.

#5
robsandy

    New Member

  • Topic Starter
  • Member
  • 8 posts
OK, I got SP2 and installed it and everything seems to have gone fine, though my computer now takes a long time to boot up and log on to my screen name, and every time I log in a Windows Security Center window opens in which I can set up the firewall, automatic updates, and the Windows virus scanner monitor. I think this is what is making the log on process so long. After updating to SP2, I updated and ran all the previously mentioned scanners. Ad-Aware found the ist.Bar spyware and removed it. I then restarted and scanned again and nothing was found. Here's my new HijackThis log. Panda Activescan still isn't cooperating, but I'll keep trying. On a side note, after following your advice (but before installing SP2), my IEEE 1394 ports decided to start working for the first time since I installed the PCI card. I'm not sure why, or if it even had anything to do with the advice you gave, but I thought it was interesting. Also, after SP2 was installed, the IEEE 1394 is still working just fine, though I know of many people who've had problems with it after upgrading to SP2. LOL Thanks again for your help. Any other recommendations?

Logfile of HijackThis v1.99.1
Scan saved at 2:13:19 AM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\twatdog.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\System32\alg.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webcourses.bu.....rea/homearea?
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Budget Dialup Web Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [XGIWatchDog] twatdog.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130552756984
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Keynote Connector Launcher) - http://xms.keynote.c...torLauncher.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37390.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...587/mcfscan.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
  • 0
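The HijackThis logs in posts #3 and #5 can be compared mechanically rather than by eye. The following is an added example, not part of the thread and not HijackThis's own code: a Python sketch that parses the `R`/`F`/`N`/`O` entry lines and reports which entries appeared or disappeared between two scans. The function names are hypothetical, the two sample logs are short excerpts of the 11/1/2005 and 11/4/2005 logs above, and entries are compared case-insensitively because Windows paths are.

```python
import re
from collections import namedtuple

# One HijackThis finding: the section code (R0, O4, O23, ...) and the rest of the line.
Entry = namedtuple("Entry", "code body")

# Entry lines look like "O4 - HKLM\..\Run: [name] command".
# Header lines and the "Running processes" list do not match this pattern.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Excerpt of the log posted on 11/1/2005 (post #3).
SCAN_NOV1 = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:42:58 PM, on 11/1/2005

Running processes:
C:\WINDOWS\System32\ctfmon.exe

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
"""

# Excerpt of the log posted on 11/4/2005 (post #5, after SP2).
SCAN_NOV4 = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:13:19 AM, on 11/4/2005

Running processes:
C:\WINDOWS\system32\ctfmon.exe

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
"""


def parse_entries(log_text):
    """Return the R/F/N/O entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def _key(entry):
    # Case-fold the body so System32 vs system32 is not reported as a change.
    return (entry.code, entry.body.casefold())


def diff_scans(before_text, after_text):
    """Return (added, removed) entry lists between two HijackThis logs."""
    before = {_key(e): e for e in parse_entries(before_text)}
    after = {_key(e): e for e in parse_entries(after_text)}
    added = [after[k] for k in after if k not in before]
    removed = [before[k] for k in before if k not in after]
    return added, removed


if __name__ == "__main__":
    added, removed = diff_scans(SCAN_NOV1, SCAN_NOV4)
    for entry in added:
        print("+ %s - %s" % entry)
    for entry in removed:
        print("- %s - %s" % entry)
```

An entry that shows up in the "added" list after a cleanup is the one to look at first; here the only additions are the two Windows Messenger `O9` items.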

#6
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
You can manage the settings for Security Center by accessing it via

Start>All Programs>Accessories>System Tools>Security Center

At the bottom you will see to manage settings for Internet Options, Firewall, and Automatic Updates.

Also on the left, you can find a link that says change the way security center alerts me. If you wish, you can turn the alerts off. Also, I will advise you to install a free third party firewall, as Windows firewall only monitors incoming traffic, not outgoing. You can find the links in my prevention speech below.

You also have many unnecessary programs on startup. Eliminating some of them may speed up your startup time. If you receive alerts from Teatimer, allow the changes.

Open HijackThis and click Scan. Put a check next to the ones you like. Note that you will be just preventing these from loading on startup, you can start the programs manually whenever you need them.

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" HP software updates. If a shortcut doesn't exist, create your own and run it manually.
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" Checks the internet for updated drivers/utilities for your HP product - update manually
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe Viewpoint Media Player. No reason to be on startup.
O4 - HKLM\..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe -Embedding -boot ScanSoft OmniPage auto updater. Can be disabled using the main program's options.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot Application Scheduler installed along with RealOne Player. Once , it runs independently of RealOne Player. On many PCs realsched slows down boot-ups unacceptably, using up to 90% of CPU time at times. To disable "tkbellexe": (1) Start RealOne Player (2) Tools -> Preferences (3) Automatic services in the Categories pane (4) Uncheck all options and then OK
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background See this page:
http://www.microsoft...topspamv45.mspx
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1 Weatherbug. Start manually.
O4 - Startup: PowerReg Scheduler.exe This is an unnecessary registration reminder.
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Speeds up the time it takes to load the Adobe_Reader application. Your choice, but not required for Adobe Reader to function properly
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe Improves the startup time of HP Image Zone. If you disable it, HP Image Zone takes a long time to start up only the first time you run it. Subsequent startups are much faster than the first time

Close all other windows except HijackThis and click Fix Checked.


Please take the following into consideration to maintain a clean computer.

Now you should go get a firewall. Don't rely on the Windows firewall as it monitors only incoming traffic. Pick one of these, they are all free.
Kerio
Zonealarm
Sygate


Visit Windows Update regularly to get the latest security updates. You can also enable automatic updates. Your antivirus software and antispyware programs should also be updated regularly. Make a habit of running scans on a timely basis. Be careful about what you download, scan every file before clicking on it.

Additional programs to consider:

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.
Spywareguard An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware!
IE/Spyad Adds a list of malicious sites to your Restricted Sites Zone.
Firefox An alternate browser safer than IE

A good article to read:
So how did I get infected in the first place?

Regards,

Armodeluxe

#7
robsandy

    New Member

  • Topic Starter
  • Member
  • 8 posts
Well, I went through everything you recommended and had a couple of problems. SpywareGuard kept triggering DrWatson at startup and then it would encounter an error and lock up my desktop, forcing me to restart Windows. I managed to uninstall it and everything is kosher now. I also deactivated Ewido and reinstalled AVG as it just seems to work a little better for me--OK, so that's what I'm used to and more comfortable with. lol Can I still run TrojanHunter with AVG without conflicts? Just wondering. I've tried ZoneAlarm's firewall, but wasn't wild about it, so I'm downloading Kerio's now.

The only other problem we've found since installing SP2 is that this computer has disappeared from our home network. The other 2 computers can see and share with each other, but not with the XP SP2 machine, though the SP2 machine can see and access both of the others and all three can share an internet connection. So, I'm convinced that a network setting on the SP2 computer got changed somehow during the update. I have checked the firewall and enabled file and print sharing, but that hasn't helped. Even with the firewall off, the other 2 computers can't interact with this one over the network. Any suggestions? BTW, here's a log from HJT.

Logfile of HijackThis v1.99.1
Scan saved at 4:12:03 PM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\mqsvc.exe
C:\WINDOWS\System32\mqtgsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\system32\twatdog.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Budget Dialup\Dialer.exe
C:\Program Files\Budget Dialup Web Accelerator\slipaccel.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://channels.aimt.../aimtoolbar.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webcourses.bu.....rea/homearea?
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\Budget Dialup Web Accelerator\PBHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [XGIWatchDog] twatdog.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Dragon NaturallySpeaking.lnk = C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\BenQ\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Show All Original Images - res://C:\Program Files\Budget Dialup Web Accelerator\slipaccel.exe/250
O8 - Extra context menu item: Show Original Image - res://C:\Program Files\Budget Dialup Web Accelerator\slipaccel.exe/227
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130552756984
O16 - DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} (Keynote Connector Launcher) - http://xms.keynote.c...torLauncher.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zone...canner37390.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...587/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD0C289A-81BD-4846-9EE3-2037DBE685E4}: NameServer = 209.244.0.3 209.244.0.4
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
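An added example, not part of the original posts: one way to pre-sort a HijackThis log like the one above before a manual review, using a few lines copied from it as sample input. The function names, the section descriptions and the three review rules are assumptions of this sketch; a flagged line is only a prompt to verify the entry, not a verdict.

```python
import re
from collections import defaultdict

# Short descriptions of the section codes (summarised for this example).
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE search/proxy setting",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "autostart entry",
    "O17": "DNS/domain setting", "O23": "NT service",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Constructed sample: lines copied from the log posted in this thread.
SAMPLE = r"""
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD0C289A-81BD-4846-9EE3-2037DBE685E4}: NameServer = 209.244.0.3 209.244.0.4
"""

def parse(log):
    """Group entry lines by section code; non-entry lines are skipped."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_items(groups):
    """Return (code, reason, entry) tuples a reviewer should verify by hand."""
    out = []
    for e in groups.get("R1", []):
        if "ProxyServer" in e:
            out.append(("R1", "browser traffic sent through a proxy", e))
    for e in groups.get("O4", []):
        m = re.match(r"^.*?: \[(.+?)\] (.*)$", e)
        # A Run value with no drive-letter path is resolved via the search path.
        if m and not re.match(r'^"?[A-Za-z]:\\', m.group(2)):
            out.append(("O4", "autostart command without a full path", e))
    for e in groups.get("O17", []):
        out.append(("O17", "DNS server value to check against the ISP's", e))
    return out

if __name__ == "__main__":
    for code, reason, entry in review_items(parse(SAMPLE)):
        print(f"{code} ({SECTIONS[code]}): {reason}\n    {entry}")
```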

#8
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Log looks good..

You can use AVG with both Ewido and Trojanhunter without any problems. To clarify, AVG is an antivirus program, whereas the other two are both antitrojans. You can use AVG in accordance with either, but if you are going to keep both Trojanhunter and Ewido, it's better to turn off active protection of one and keep it for the scanning.

To be frank, I'm not familiar with networking at all, so I can't be of much help to you on that subject. We have a Networking subforum under the Hardware forum which you can find on the main page. I'd suggest you make a post there and the staff members there may be of more help than me.

#9
robsandy

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
OK, I'll reinstall ewido then and just turn off the guard on it. Thanks very much for all your help. My computer is running much better now and I really appreciate it. :-)

#10
Armodeluxe

    Member 2k

  • Retired Staff
  • 2,744 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.