Logfile of HijackThis v1.99.1
Scan saved at 1:56:51 PM, on 11/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\CTHELPER.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\PhoneTools\CapFax.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - URLSearchHook: (no name) - _{D6DFF6D8-B94B-4720-B730-1C38C7065C3B} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [Norton Wizzard] nwiz.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [Norton Wizzard] nwiz.exe
O4 - HKCU\..\Run: [iouz] C:\PROGRA~1\COMMON~1\iouz\iouzm.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {0FFFFFFF-0FFF-0FFF-0FFF-0FFFFFFFFFFF} - http://www.h-desk-so...DeskSetup_A.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3EB4F9EA-51A6-48DA-846A-0D69DCBA39EF} (DownloadManager Control) - http://download.akam...loadManager.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarr...artload192a.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1134154100296
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {76D90D08-EAB7-46D8-BF99-87445BF59E72} (SystemInfo Class) - http://www.directv.d.../dpcsysinfo.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c18.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - hcp://system/StartFirstControl.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - hcp://system/XPLControl.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX/kdx.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Run - C:\WINNT\system32\hrr0059me.dll
O21 - SSODL: Web Event Logger - {79FEACFF-FFCE-815E-A900-316290B5B738} - C:\WINNT\System32\Fhkddffl.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Authorization Verification (AuthVer) - Unknown owner - C:\WINNT\System32\winfrwl32.exe" -service (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: PictureTaker - Unknown owner - c:\fixit\pt\PCTKRNT.SYS (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Secure transactions provider - Unknown owner - C:\WINNT\system32\cvmss.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: _ntfrmwrk (TskHlpr) - Unknown owner - C:\WINNT\System32\syscfg.exe" -service (file missing)
O23 - Service: Tsk Mngr Hlp (TskMngHlp) - Unknown owner - C:\WINNT\System32\wins32.exe" -service (file missing)
And now the log from EWIDO.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 1:02:23 PM, 11/20/2005
+ Report-Checksum: 9DBB3174
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10} -> Spyware.eXact : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C5-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C5-189F-421a-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C7-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C7-189F-421a-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07B18EA1-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\DeskAdX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0F2A4ADC-DABF-4980-8DB4-19F67D7B1F95}\TypeLib\\ -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0}\TypeLib\\ -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown.1\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.NetscapeStartup\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.NetscapeStartup.1\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.SettingsPlugin\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\MySearchToolBar.SettingsPlugin.1\CLSID\\ -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\relatedlinks -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\relatedlinks\\CLSID -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{014DA6C0-189F-421A-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\FocusInteractive\Outlook\\MyWebSearch.OutlookAddin -> Spyware.MyWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/DeskAdX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/DeskAdX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup
HKU\S-1-5-21-71594873-3563514748-4210259494-1003\Software\2nd -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-71594873-3563514748-4210259494-1003\Software\2nd\Client -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-71594873-3563514748-4210259494-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-71594873-3563514748-4210259494-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{014DA6C9-189F-421A-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
[160] C:\windows\adtech2005.exe -> Trojan.VB.afn : Cleaned with backup
[184] C:\WINNT\System32\vidmon\vidmon.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
[428] C:\PROGRA~1\COMMON~1\iouz\iouzm.exe -> TrojanDownloader.TSUpdate.n : Cleaned with backup
[1504] C:\PROGRA~1\COMMON~1\iouz\iouza.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
[3220] C:\WINNT\system32\guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G5IJWLYN\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\G5IJWLYN\mte3ndi6odoxng[1].exe -> TrojanDownloader.Small.buy : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UJNIS5US\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\UJNIS5US\mm[3].js -> Spyware.Chitika : Cleaned with backup
C:\installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\mte3ndi6odoxng.exe -> TrojanDownloader.Small.buy : Cleaned with backup
C:\Program Files\Common Files\iouz\iouza.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\iouz\iouzm.exe -> TrojanDownloader.TSUpdate.n : Cleaned with backup
C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom.zip/[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom1.zip/owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom10.zip/owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom2.zip/[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom3.zip/owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom4.zip/[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom5.zip/owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom6.zip/[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom7.zip/owner@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom8.zip/[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Advertisingcom9.zip/owner@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc1.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc2.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc3.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc4.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\AvenueAInc5.zip/owner@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick.zip/owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick1.zip/owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick2.zip/owner@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\DoubleClick3.zip/owner@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\FastClick.zip/owner@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox.zip/owner@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\HitBox1.zip/[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/owner@paycounter[1].txt -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/owner@qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/owner@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer1.zip/[email protected][1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/owner@addcontrol[2].txt -> Spyware.Cookie.Addcontrol : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/owner@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/owner@mysearch[2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer10.zip/[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/owner@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/owner@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer14.zip/owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/owner@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/owner@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer15.zip/owner@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex.zip/owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\MediaPlex1.zip/owner@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet11.zip/newdotnet5_48.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet14.zip/newdotnet5_48.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet18.zip/newdotnet5_48.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet39.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet43.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet44.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet45.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Newnet48.zip/newdotnet6_22.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexList.zip/owner@sexlist[2].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker.zip/owner@sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker1.zip/[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker2.zip/[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker3.zip/[email protected][2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\SexTracker4.zip/[email protected][1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick.zip/owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick1.zip/owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\ValueClick2.zip/owner@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\windows\adtech2005.exe -> Trojan.VB.afn : Cleaned with backup
C:\windows\timessquare.exe -> Spyware.Hijacker.StartPage.aw : Cleaned with backup
C:\WINNT\Downloaded Program Files\drsmartload192a.exe -> TrojanDownloader.VB.qr : Cleaned with backup
C:\WINNT\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINNT\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINNT\system32\g2220cfoef2c0.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\jtpo0773e.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\magina.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\n24s0ch7ef4.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\navshext1.dll -> Spyware.Chiem : Cleaned with backup
C:\WINNT\system32\nfomon\nfo.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINNT\system32\o2ro0c93ef.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\pxlmon.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINNT\system32\vidmon\vidmon.exe -> Spyware.DelphinMediaViewer : Cleaned with backup
C:\WINNT\system32\__delete_on_reboot__guard.tmp -> Spyware.Look2Me : Cleaned with backup
::Report End
Thanks for your help in advance
Edited by Austnin, 20 November 2005 - 01:01 PM.