Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

unidentified spyware [RESOLVED]


  • This topic is locked This topic is locked

#1
sprien

sprien

    Member

  • Member
  • PipPip
  • 15 posts
Hi, am getting an increasing amount of pop ups. CWshredder shows nothing, nor does norton, so hijack this log is below:

Logfile of HijackThis v1.99.1
Scan saved at 9:08:02 PM, on 11/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://a1776.ff.full...17/MusicNow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131641800454
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.co...006_regular.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://sympatico.zon...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://sympatico.zon...aploader_v5.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


thanks for any help!
  • 0

Advertisements


#2
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello sprien and welcome to Geeks to Go

As an introduction, please note that I am not Superhuman, I do not know everything, but what I do know has taken me years to learn. I am happy to pass on this information to you, but please bear in mind that I am also fallible.

Please note that you should have Administrator rights to perform the fixes. Also note that multiple identity PC’s (family PC’s) present a different problem; please tell me if your PC has more than one individual’s setting, but continue with the fix.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix may require you to be in Safe Mode, which will not allow you to access the internet, or my instructions!

You have quite a mixture of malware and Trojans that need to be eradicated. Let’s see what we can do with the first sweep.

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

CCleaner
Ewido Security Suite
CWShredder
cwsserviceemove.reg file

Now please install CWShredder, and run it. Click Check For Update, then Fix and then OK followed by Next, let it fix everything it asks about

Right click on this link Del 015 Domains.inf and choose Save (link) As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards

Install Ewido Security Suite.
  • Install Ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
    • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates
Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

Safe Mode

Launch Ewido, there should be an icon on your desktop, double-click it.
  • The programme will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK.
Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop and include it in your reply.
Now close Ewido security suite.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKCU\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} - http://www.tbcode.co...006_regular.cab

Now close all windows other than HiJackThis, then click Fix Checked.

Unzip cwsserviceemove.reg file to your desktop. While in safe mode, double click on it and grant it permission to add the registry items.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):(click Start>Settings>Control Panel)

SurfAccuracy

Please notify me of any other programmes that you don’t recognise in that list in your next response

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these folders (if present) using Windows Explorer:

C:\Program Files\SurfAccuracy\
C:\PROGRA~1\COMMON~1\WinTools\

Close Windows Explorer and Reboot normally

Now we must hide the files we revealed earlier by reversing the process, this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, ensure you uncheck old prefetch data found under the system tab, then click Analyze> Run Cleaner. You may be fairly surprised by how much it finds. Also click Issues then Scan for issues – fix selected issues

Reboot normally

Post back a fresh HijackThis log (from normal mode) and I will take another look. (2 logs)
  • 0

#3
sprien

sprien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hi, I managed to follow the instructions up till running ccleaner, when I get the blue screen of death, when attempting to 'fix selected issues'.

Unrecognised item in ad remove: contextplus

HiJack this:
Logfile of HijackThis v1.99.1
Scan saved at 6:07:46 PM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\SK Prien\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://a1776.ff.full...17/MusicNow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131641800454
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://sympatico.zon...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://sympatico.zon...aploader_v5.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Ewido report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:53:22 AM, 11/22/2005
+ Report-Checksum: 8F370ED

+ Scan result:

:mozilla.11:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.12:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Wegcash : Cleaned with backup
:mozilla.13:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Wegcash : Cleaned with backup
:mozilla.14:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Wegcash : Cleaned with backup
:mozilla.15:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Wegcash : Cleaned with backup
:mozilla.16:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Wegcash : Cleaned with backup
:mozilla.36:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.37:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.38:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.76:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.77:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.79:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.80:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.81:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.82:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.88:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.89:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.91:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.99:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.100:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.101:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.102:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.103:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.104:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.105:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.106:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.107:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.108:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.109:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.110:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.111:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.165:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.166:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.167:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.168:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.169:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.170:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.173:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.190:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.192:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.193:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.206:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.229:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.231:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.232:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.233:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.234:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.235:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.236:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.237:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.238:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.239:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.240:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.241:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.242:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.243:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.244:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.245:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.246:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.247:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.248:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.249:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.250:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.260:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.261:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.263:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.265:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.291:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.296:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.301:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.305:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.306:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.307:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.308:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.315:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.319:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.320:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.326:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.327:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.351:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.359:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.360:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.361:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.362:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.363:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.364:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.365:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.366:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.367:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.369:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.370:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.371:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.372:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.376:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.377:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.378:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.384:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.385:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.386:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.387:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.389:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.390:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.391:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.392:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.412:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.413:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.414:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.417:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.418:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.419:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.420:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.421:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.430:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.431:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.438:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.439:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.440:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.441:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.443:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.444:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.445:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.446:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.447:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.448:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.449:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.450:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.452:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.454:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.464:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.465:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.466:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.467:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.468:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.469:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.470:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.471:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.472:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.473:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.474:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.475:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.476:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.477:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.478:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.479:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.480:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.481:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.482:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.483:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.484:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.485:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.486:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.487:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.492:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.493:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.503:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
:mozilla.504:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
:mozilla.505:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
:mozilla.506:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
:mozilla.507:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Bluemountain : Cleaned with backup
:mozilla.514:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.515:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.516:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.517:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.518:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.519:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.520:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.521:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.522:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.523:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.524:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.525:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.526:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.527:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.528:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.530:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.535:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.538:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.552:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.553:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.554:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.555:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.556:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.557:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.558:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.566:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.567:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.576:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.577:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.578:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.621:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.622:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.623:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.624:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.638:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.639:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.640:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.642:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.674:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.675:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.676:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.677:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.678:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.703:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.704:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.706:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.738:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.739:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.751:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.752:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.763:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.772:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9uasqfns.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.773:C:\Documents and Settings\SK Prien\Application Data\Mozilla\Firefox\Profiles\9ua
  • 0

#4
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Unrecognised item in ad remove: contextplus


Thanks for the clue. I was going to do this anyway because of SurfAccuracy.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:AproposFix
Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
  • 0

#5
sprien

sprien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello, ran the aproposfix and here's the log:

Log of AproposFix v1

************

Running from directory:
C:\Documents and Settings\SK Prien\Desktop\aproposfix

************

Registry entries found:

[HKEY_LOCAL_MACHINE\Software\C5ilsADEfRpm]
@="v8NG4O7UVVUVVWV7JNlxllUVVUkXV0qvlw0 VMSMN8GbaV7LCP8LMVMNLGCR8LWMSM"
"Device"="\\\\.\\dptDPDD"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\strmixer.sys"
"DriverName"="Netmaud"
"HideUninstallerName"="C:\\Program Files\\Onladobe\\zpovideo.exe"
"UninstallerPath"="C:\\WINDOWS\\system32\\saftdown.exe"
"UninstallerRegKey"="HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{9538728B-9367-4C7E-B37C-26082A99CDE1}"
"UninstallerParams"="/CTUN"
"HDll"="C:\\WINDOWS\\system32\\defcheck.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="http://adchannel.con...onbranded.html"
"PartnerId"="CP.IST2"
"InstallationId"="{Xb650778-e179-7172-93e1-aa7f801de85b}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Onladobe\\terinmal.exe"

************

Removing hidden service:
Service Netmaud removed.

Removing hidden folder:
Deletion of folder Onladobe succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\strmixer.sys succeeded!
Deletion of file C:\WINDOWS\system32\ifseqchk.exe succeeded!
Deletion of file C:\WINDOWS\system32\defcheck.dll succeeded!
Deletion of file C:\WINDOWS\system32\saftdown.exe succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\C5ilsADEfRpm]
[-HKEY_LOCAL_MACHINE\Software\C5ilsADEfRpm]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{9538728B-9367-4C7E-B37C-26082A99CDE1}]


Here's the new Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 8:57:36 AM, on 11/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\SK Prien\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\freescan\freescan.exe -FastScan
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://a1776.ff.full...17/MusicNow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131641800454
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://sympatico.zon...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://sympatico.zon...aploader_v5.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks again.
  • 0

#6
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

Your HJT log is looking good, but there are still a few adjustments to make to your registry.

You are running HijackThis from the Desktop; please create a new folder for it and move the programme into the new folder. This is a precaution just in case we have to backtrack. If the backup files are not in their own folder, they can and do get deleted.

Right click on this link Del 015 Domains.inf and choose Save (link) As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-ca\msntb.dll (file missing)
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://a1776.ff.full...17/MusicNow.cab

Now close all windows other than HiJackThis, then click Fix Checked.

Reboot normally.

Post back a fresh HijackThis log (from normal mode) and I will take another look. How is it running now? Have peace and tranquillity returned?
  • 0

#7
sprien

sprien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello, here is the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:55:48 AM, on 11/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKCU\..\Run: [WeatherEye] C:\Program Files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {4D991907-376B-4930-9090-8876B7E54087} (Application Class) - http://a1776.ff.full...17/MusicNow.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by1fd.bay1.ho...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {64D01C7F-810D-446E-A07E-16C764235644} (AtlAtomadersCtlAttrib Class) - http://zone.msn.com/...t/atomaders.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1131641800454
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/...me/ZAxRcMgr.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://sympatico.zon...ro.cab34246.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.mac...ash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://sympatico.zon...fault/shapo.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://sympatico.zon...aploader_v5.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

The system is running much better, I haven't had a popup since contextplus was removed. I think it might still be time to upgrade, though. I'm running on 6GB of harddrive so have problems all the time with programs not being able to run as there isn't enough memory. My latest headache is iTunes won't work properly. It installs okay but when I try to open it, it says it needs to close right away.

I do appreciate you helping me with the popups, at least it's one thing less thing to aggravate me.

Sarah
  • 0

#8
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Congratulations! your new log is clean. :tazz: Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
I recommend going to the following link and update as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
AD-AWARE PERSONAL – A fine free malware detector and removal programme
SPYBOT S&D – Excellent free spyware detector and removal programme
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programmes for “on demand” scanning, having two or more antivirus systems is not recommended as they may well interfere with each other.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated. :)

With iTunes, why not try uninstalling, rebooting and then re-installing. With 6GB limiting you, why not just buy another HDD say 80GB, and run it as a slave to the master disk from the same IDE. Then you would have a 6GB HDD for your Windows system (that's loads of space) and another 80GB for programmes and storage, with no messing about with reformatting. The whole task of installing should take no longer than 15 minutes.

Anyway, your choice. May I wish you happy safe surfing Sarah!
  • 0

#9
sprien

sprien

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Hello,

Computer seems to be running without problems now. I've installed the programs you suggested and run the scans weekly to keep up to date.

Many thanks,
Sarah
  • 0

#10
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
You are very welcome.

I will leave this thread open for a few days in case of misfortune.
  • 0

#11
Crustyoldbloke

Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP