dear infaddict and others,
I have done everything as you described, had done most of it already, but did it again, except 1 or 2 things i hadn't done as yet.
here is the hijack this logfile:
Logfile of HijackThis v1.99.1
Scan saved at 22:08:56, on 24-11-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Logitech\QuickCam\WebCamRT.exe
C:\Program Files\Grouper\Grouper.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\LVideoS.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\ACD Systems\ACDSee\ACDSee.exe
C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\c95bd83d2a268baf2b92cca324c3120b\update\update.exe
C:\Documents and Settings\jakob.JAKOB-FRANS\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.nlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.nlR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.google.nlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.nlO2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: C:\WINDOWS\adsldpbd.dll - {826B2228-BC09-49F2-B5F8-42CE26B1B711} - C:\WINDOWS\adsldpbd.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: (no name) - {DA223E41-3F7F-4B2B-8CC8-22C6A1197EEB} - C:\WINDOWS\mpatrol.dll (file missing)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [WebCamRT.exe] C:\Program Files\Logitech\QuickCam\WebCamRT.exe /WinStart /regkey=Software\Logitech\QuickCam.5\WebCamSettings
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [ClearCookies] C:\WINDOWS\cc.exe
O4 - Startup: Grouper.lnk = C:\Program Files\Grouper\Grouper.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: WebControlDeploy -
http://grouper.com/v1/GrouperSetup.cabO16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://groups.msn.co...UC/MsnPUpld.cabO16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.micros...b?1132864607639O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai...all/xscan53.cabO16 - DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} (McAfee Virtual Technician Control Class) -
http://us-download.m...ted/mvt/mvt.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcaf...598/mcfscan.cabO20 - Winlogon Notify: gg - C:\WINDOWS\adsldpbd.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
I also have 2 logfiles of as-ware:
1)
Ad-Aware SE Build 1.06r1
Logfile Created on:donderdag 24 november 2005 16:52:01
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R76 22.11.2005
换换换换换换换换换换换换换换换换换换换换换换换换换�/font>
References detected during the scan:
换换换换换换换换换换换换换换换换换换换�/font>
Possible Browser Hijack attempt(TAC index:3):1 total references
换换换换换换换换换换换换换换换换换换换�/font>
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
24-11-2005 16:52:01 - Scan started. (Smart mode)
Listing running processes
换换换换换换换换换换换换换换换换换换换
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 420
ThreadCreationTime : 24-11-2005 15:40:39
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 24-11-2005 15:40:42
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 24-11-2005 15:40:43
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 24-11-2005 15:40:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 24-11-2005 15:40:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 708
ThreadCreationTime : 24-11-2005 15:40:44
BasePriority : Normal
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 800
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 964
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1364
ThreadCreationTime : 24-11-2005 15:40:47
BasePriority : Normal
#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1420
ThreadCreationTime : 24-11-2005 15:40:47
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:14 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1552
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:15 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1564
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:16 [ghoststarttrayapp.exe]
FilePath : C:\Program Files\Symantec\Norton Ghost 2003\
ProcessID : 1596
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartTrayApp
LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartTrayApp.exe
#:17 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1604
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:18 [wcescomm.exe]
FilePath : C:\Program Files\Microsoft ActiveSync\
ProcessID : 1636
ThreadCreationTime : 24-11-2005 15:40:49
BasePriority : Normal
FileVersion : 3.6.0.2148
ProductVersion : 3.6.2148
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2002 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE
#:19 [webcamrt.exe]
FilePath : C:\Program Files\Logitech\QuickCam\
ProcessID : 1644
ThreadCreationTime : 24-11-2005 15:40:49
BasePriority : Normal
#:20 [grouper.exe]
FilePath : C:\Program Files\Grouper\
ProcessID : 1660
ThreadCreationTime : 24-11-2005 15:40:49
BasePriority : Normal
#:21 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 1716
ThreadCreationTime : 24-11-2005 15:40:50
BasePriority : Normal
#:22 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 2000
ThreadCreationTime : 24-11-2005 15:40:55
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:23 [ewidoguard.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 2020
ThreadCreationTime : 24-11-2005 15:40:56
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
#:24 [ghoststartservice.exe]
FilePath : C:\Program Files\Symantec\Norton Ghost 2003\
ProcessID : 232
ThreadCreationTime : 24-11-2005 15:41:00
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe
#:25 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 252
ThreadCreationTime : 24-11-2005 15:41:00
BasePriority : Normal
FileVersion : 9, 1, 0, 8
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine
#:26 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 392
ThreadCreationTime : 24-11-2005 15:41:00
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe
#:27 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 448
ThreadCreationTime : 24-11-2005 15:41:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:28 [lvideos.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 668
2)
Ad-Aware SE Build 1.06r1
Logfile Created on:donderdag 24 november 2005 18:02:12
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R76 22.11.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Possible Browser Hijack attempt(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
24-11-2005 18:02:13 - Scan started. (Custom mode)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 420
ThreadCreationTime : 24-11-2005 15:40:39
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 484
ThreadCreationTime : 24-11-2005 15:40:42
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 508
ThreadCreationTime : 24-11-2005 15:40:43
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 24-11-2005 15:40:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 564
ThreadCreationTime : 24-11-2005 15:40:44
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 708
ThreadCreationTime : 24-11-2005 15:40:44
BasePriority : Normal
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 800
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 964
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1000
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1080
ThreadCreationTime : 24-11-2005 15:40:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1364
ThreadCreationTime : 24-11-2005 15:40:47
BasePriority : Normal
#:13 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1420
ThreadCreationTime : 24-11-2005 15:40:47
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:14 [mcvsshld.exe]
FilePath : C:\PROGRA~1\mcafee.com\vso\
ProcessID : 1552
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 9, 1, 0, 6
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan ActiveShield Resource
InternalName : msvcshld
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsshld.exe
Comments : McAfee VirusScan ActiveShield Resource
#:15 [mcvsescn.exe]
FilePath : c:\progra~1\mcafee.com\vso\
ProcessID : 1564
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 9, 1, 0, 4
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc.
FileDescription : McAfee VirusScan E-mail Scan Module
InternalName : mcvsescn
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsescn.EXE
Comments : McAfee VirusScan E-mail Scan Module
#:16 [ghoststarttrayapp.exe]
FilePath : C:\Program Files\Symantec\Norton Ghost 2003\
ProcessID : 1596
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartTrayApp
LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartTrayApp.exe
#:17 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1604
ThreadCreationTime : 24-11-2005 15:40:48
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe
#:18 [wcescomm.exe]
FilePath : C:\Program Files\Microsoft ActiveSync\
ProcessID : 1636
ThreadCreationTime : 24-11-2005 15:40:49
BasePriority : Normal
FileVersion : 3.6.0.2148
ProductVersion : 3.6.2148
ProductName : Microsoft ActiveSync
CompanyName : Microsoft Corporation
FileDescription : Connection Manager
InternalName : wcescomm
LegalCopyright : Copyright © 1995-2002 Microsoft Corp. All rights reserved.
LegalTrademarks : Microsoft® and Windows® are registered trademarks of Microsoft Corporation.
OriginalFilename : WCESCOMM.EXE
#:19 [webcamrt.exe]
FilePath : C:\Program Files\Logitech\QuickCam\
ProcessID : 1644
ThreadCreationTime : 24-11-2005 15:40:49
BasePriority : Normal
#:20 [grouper.exe]
FilePath : C:\Program Files\Grouper\
ProcessID : 1660
ThreadCreationTime : 24-11-2005 15:40:49
BasePriority : Normal
#:21 [ymsgr_tray.exe]
FilePath : C:\Program Files\Yahoo!\Messenger\
ProcessID : 1716
ThreadCreationTime : 24-11-2005 15:40:50
BasePriority : Normal
#:22 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 2000
ThreadCreationTime : 24-11-2005 15:40:55
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:23 [ewidoguard.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 2020
ThreadCreationTime : 24-11-2005 15:40:56
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
#:24 [ghoststartservice.exe]
FilePath : C:\Program Files\Symantec\Norton Ghost 2003\
ProcessID : 232
ThreadCreationTime : 24-11-2005 15:41:00
BasePriority : Normal
FileVersion : 2003.775
ProductVersion : 2003.775
ProductName : Norton Ghost Start Service
CompanyName : Symantec Corporation
FileDescription : Norton Ghost Start
InternalName : GhostStartService
LegalCopyright : Copyright © 1998-2002 Symantec Corp. All rights reserved.
OriginalFilename : GhostStartService.exe
#:25 [mcvsrte.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 252
ThreadCreationTime : 24-11-2005 15:41:00
BasePriority : Normal
FileVersion : 9, 1, 0, 8
ProductVersion : 9, 1, 0, 0
ProductName : McAfee VirusScan
CompanyName : McAfee, Inc
FileDescription : McAfee VirusScan Real-time Engine
InternalName : mcvsrte
LegalCopyright : Copyright © 2005 McAfee, Inc. All Rights Reserved.
OriginalFilename : mcvsrte.exe
Comments : McAfee VirusScan Real-time Engine
#:26 [smagent.exe]
FilePath : C:\Program Files\Analog Devices\SoundMAX\
ProcessID : 392
ThreadCreationTime : 24-11-2005 15:41:00
BasePriority : Normal
FileVersion : 3, 2, 6, 0
ProductVersion : 3, 2, 6, 0
ProductName : SoundMAX service agent
CompanyName : Analog Devices, Inc.
FileDescription : SoundMAX service agent component
InternalName : SMAgent
LegalCopyright : Copyright © 2002
OriginalFilename : SMAgent.exe
#:27 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 448
ThreadCreationTime : 24-11-2005 15:41:01
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:28 [lvideos.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 668
ThreadCreationTime : 24-11-2005 15:41:02
BasePriority : Normal
#:29 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 856
ThreadCreationTime : 24-11-2005 15:41:04
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:30 [wmiapsrv.exe]
FilePath : C:\WINDOWS\System32\wbem\
ProcessID : 980
ThreadCreationTime : 24-11-2005 15:41:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI Performance Adapter Service
InternalName : WmiApSrv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WmiApSrv.exe
#:31 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1192
ThreadCreationTime : 24-11-2005 15:41:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:32 [mcshield.exe]
FilePath : c:\PROGRA~1\mcafee.com\vso\
ProcessID : 1584
ThreadCreationTime : 24-11-2005 15:41:08
BasePriority : High
#:33 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\
ProcessID : 2372
ThreadCreationTime : 24-11-2005 15:41:38
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe
#:34 [gnotify.exe]
FilePath : C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\
ProcessID : 2512
ThreadCreationTime : 24-11-2005 15:41:52
BasePriority : Normal
FileVersion : 1.0.25.0
ProductVersion : 1.0.25.0
ProductName : Gmail
CompanyName : Google Inc.
FileDescription : Gmail Notifier
LegalCopyright : Copyright © Google Inc. 2004-2005
OriginalFilename : gnotify.exe
#:35 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2640
ThreadCreationTime : 24-11-2005 15:42:08
BasePriority : Normal
FileVersion : 5.8.0.2469 built by: lab01_n(wmbla)
ProductVersion : 5.8.0.2469
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Automatic Updates
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wuauclt.exe
#:36 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3188
ThreadCreationTime : 24-11-2005 15:43:26
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:37 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 4028
ThreadCreationTime : 24-11-2005 15:47:36
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
#:38 [emule.exe]
FilePath : C:\Program Files\eMule\
ProcessID : 3160
ThreadCreationTime : 24-11-2005 16:01:26
BasePriority : Normal
FileVersion : 0.46.2 Unicode
ProductVersion : 0.46.2 Unicode
ProductName : eMule
CompanyName :
http://www.emule-project.net FileDescription : eMule
InternalName : emule.exe
LegalCopyright : Copyright © 2002-2005 Merkur - read license.txt for more infos
OriginalFilename : emule.exe
#:39 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 2860
ThreadCreationTime : 24-11-2005 16:45:35
BasePriority : Normal
#:40 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3120
ThreadCreationTime : 24-11-2005 16:47:05
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
#:41 [flashget.exe]
FilePath : C:\PROGRA~1\FlashGet\
ProcessID : 3180
ThreadCreationTime : 24-11-2005 16:47:29
BasePriority : Normal
FileVersion : 1, 6, 5, 0
ProductVersion : 1, 6, 5, 0
ProductName : FlashGet
CompanyName : Amaze Soft
FileDescription : FlashGet
InternalName : FlashGet
LegalCopyright : Copyright © 1999-2004 by Amaze Soft
OriginalFilename : flashget.exe
#:42 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2944
ThreadCreationTime : 24-11-2005 16:55:27
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Trusted zone presumably compromised : searchmeup.com
Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data :
TAC Rating : 0
Category : Vulnerability
Comment : Trusted zone presumably compromised : searchmeup.com
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchmeup.com
Trusted zone presumably compromised : searchmeup.com
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 1
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1
18:21:33 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:19:20.953
Objects scanned:150355
Objects identified:1
Objects ignored:0
New critical objects:1
and an ewideo security report log:
More options 4:37 pm (5 hours ago)
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 16:35:38, 24-11-2005
+ Report-Checksum: AAEEA26F
+ Scan result:
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
:mozilla.25:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.29:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.33:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.34:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.36:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.93:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.105:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.109:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.110:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.119:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup
:mozilla.120:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup
:mozilla.127:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.128:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.129:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.130:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.131:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.132:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.167:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.179:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.180:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.181:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.182:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.184:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.186:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.187:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.188:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.189:C:\Documents and Settings\jakob.JAKOB-FRANS\Application Data\Mozilla\Firefox\Profiles\default.l9o\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup