devious

virus stopping antiviruses from working?

24 posts in this topic

I reformatted my computer and have been having trouble with the internet and computer freezing, which it didn't do before. I tried installing McAfee but once I reset, it says I do not have rights to open the file or any .exe file for that matter. I am forced to go to safe mode and the antivirus works fine, but I find that a lot of key files are affected by newwin32 and other viruses. Any help please

 

Logfile of HijackThis v1.99.1

Scan saved at 17:40:21, on 12/08/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\NT\nrcs.exe

C:\WINDOWS\update\updmgr.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe

C:\WINDOWS\System32\winIogon.exe

C:\WINDOWS\System32\spoolsvc.exe

C:\WINDOWS\System32\csrs.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\hh.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Ares\Ares.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Documents and Settings\sika\My Documents\VisualBoyAdvance v1.7.2\VisualBoyAdvance.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\NT\nrcs.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe

O4 - HKLM\..\Run: [spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe

O4 - HKLM\..\Run: [win32 update service] svchostt.exe

O4 - HKLM\..\Run: [Microsoft ® Windows Update Manager] C:\WINDOWS\update\updmgr.exe

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [MCAFInstaller_mpfins.ui] C:\WINDOWS\TEMP\mcu267.tmp\MCAPPINS.exe /v=3 /start=mpfins.ui::default.htm

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Microsoft ® Windows Vista/NT Runtime Compatibility Service] C:\WINDOWS\NT\nrcs.exe

O4 - HKLM\..\Run: [DHCP Hotfix] C:\hh.exe

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

O4 - HKLM\..\RunServices: [win32 update service] svchostt.exe

O4 - HKCU\..\Run: [win32 update service] svchostt.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1154296498390

O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{57164FE7-9B8E-4B59-8D5A-BD18B4FDC494}: NameServer = 83.146.21.5 212.158.248.6

O23 - Service: win32 update service (defiled) - Unknown owner - C:\WINDOWS\System32\svchostt.exe" -netsvcs (file missing)

O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - C:\WINDOWS\NT\nrcs.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\System32\wdfmgr.exe (file missing)

O23 - Service: Windows Update Manager (UpdateManager) - Unknown owner - C:\WINDOWS\update\updmgr.exe


* Please remove these entries from Add/Remove Programs in the Control Panel (if present):

To do this, click 'Start' then 'Control Panel', then double-click on Add/Remove Programs.

Ares <== comes with malware to work properly: http://www.spywareinfoforum.info/articles/p2p/old_list.php

AdwareAlert

 

* Please open hijackthis and put a check next to the following:

 

O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe

O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe

O4 - HKLM\..\Run: [spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe

O4 - HKLM\..\Run: [win32 update service] svchostt.exe

O4 - HKLM\..\Run: [Microsoft ® Windows Update Manager] C:\WINDOWS\update\updmgr.exe

O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe

O4 - HKLM\..\Run: [Microsoft ® Windows Vista/NT Runtime Compatibility Service] C:\WINDOWS\NT\nrcs.exe

O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot

O4 - HKLM\..\RunServices: [win32 update service] svchostt.exe

O4 - HKCU\..\Run: [win32 update service] svchostt.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - C:\WINDOWS\NT\nrcs.exe

 

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

 

Please download the Killbox by Option^Explicit.

 

Note: In the event you already have Killbox, this is a new version that I need you to download.

  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.

  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\scvhost.exe

    C:\WINDOWS\System32\winIogon.exe

    C:\WINDOWS\System32\svchostt.exe

    C:\WINDOWS\update\updmgr.exe

    C:\WINDOWS\System32\csrs.exe

    C:\WINDOWS\NT\nrcs.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

 

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

 

 

* Please delete these folders using Windows Explorer (if present):

    * Click Start>>All Programs>>Accessories>>Windows Explorer
    * Navigate to the listed folders, then right-click to select them and click delete

C:\Program Files\Ares

C:\Program Files\AdwareAlert

 

* Download Dr.Web CureIt to the desktop:

ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: check.gif
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    move.gif
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply with a new hijackthis log.

Edited by LS CalamityJane
Fixed outdated URL
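
Several of the startup entries flagged in the post above use file names that differ by one character from genuine Windows processes (scvhost.exe, winIogon.exe, spoolsvc.exe, svchostt.exe, csrs.exe). The following is an added example, not part of the original posts or of HijackThis: a Python check that pulls the executable out of O4 and O23 lines and reports such lookalike names. The list of genuine names, the function names and the distance threshold are assumptions of this example; the sample lines are copied from the first log in the thread.

```python
import re

# Genuine Windows system process names (stems, lower case) that malware
# commonly imitates. This list is an assumption of the example.
KNOWN_SYSTEM = {"svchost", "winlogon", "spoolsv", "csrss", "lsass",
                "smss", "services", "userinit", "explorer"}

# O4 and O23 lines copied from the first HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en
O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\winIogon.exe
O4 - HKLM\..\Run: [spooler SubSystem App] C:\WINDOWS\System32\spoolsvc.exe
O4 - HKLM\..\Run: [Client Server Runtime Process] C:\WINDOWS\System32\csrs.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DHCP Hotfix] C:\hh.exe
O4 - HKCU\..\Run: [win32 update service] svchostt.exe
O23 - Service: win32 update service (defiled) - Unknown owner - C:\WINDOWS\System32\svchostt.exe" -netsvcs (file missing)
O23 - Service: Windows Vista/NT Runtime Compatibility Service (ntrcs) - Unknown owner - C:\WINDOWS\NT\nrcs.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
"""

O4_RE = re.compile(r"^O4 - [^:]+: \[(?P<label>.*?)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<rest>.+)$")


def executable_name(cmd):
    """Return the bare file name of the program in a startup command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        path = cmd[1:].split('"', 1)[0]          # quoted path, arguments follow
    else:
        m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)
        path = m.group(1) if m else cmd.split()[0]
    return re.split(r"[\\/]", path)[-1]          # logs mix \ and / separators


def osa_distance(a, b):
    """Edit distance where swapping two adjacent characters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def classify(filename):
    """Return (imitated_name, reason) for a lookalike, or None otherwise."""
    stem = re.sub(r"\.exe$", "", filename, flags=re.IGNORECASE)
    low = stem.lower()
    if low in KNOWN_SYSTEM:
        return None                               # exact name: not a lookalike
    # Capital I rendered as lowercase l (winIogon, Isass).
    if stem.replace("I", "l").lower() in KNOWN_SYSTEM:
        return (stem.replace("I", "l").lower() + ".exe", "homoglyph")
    for legit in sorted(KNOWN_SYSTEM):
        if osa_distance(low, legit) <= 1:
            return (legit + ".exe", "edit distance 1")
    return None


def find_lookalikes(log_text):
    """Map each lookalike file name in O4/O23 lines to (imitated, reason)."""
    hits = {}
    for line in log_text.splitlines():
        line = line.strip()
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4:
            cmd = m4.group("cmd")
        elif m23:
            cmd = m23.group("rest").rsplit(" - ", 1)[-1]   # path is the last field
        else:
            continue
        name = executable_name(cmd)
        verdict = classify(name)
        if verdict:
            hits[name] = verdict
    return hits


if __name__ == "__main__":
    for name, (legit, reason) in find_lookalikes(SAMPLE_LOG).items():
        print(f"{name:15} imitates {legit:13} ({reason})")
```

Entries such as nrcs.exe and hh.exe are not name lookalikes, so this check does not report them; they still need the manual review of path and owner shown in the post.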


I wasn't sure if anyone was going to reply so now I wiped my PC again and downloaded ad adware. At first it took all viruses away but once I connected to the net it added more with each scan. I can't update my Windows due to the viruses and I get update.exe errors. I'm going to follow what you said.

EDIT: I just finished doing all that and all toolbars and errors are gone but I still get pop-ups. Any recommended antivirus and firewall I should get, or can I stick with McAfee? Here are the logs.

 

DrWeb:

netmon.exe;C:\Program Files\Network Monitor;Trojan.DnsChange;Will be cured after reboot.;

Isass.exe;C:\WINDOWS\System32;Win32.Parite.2;Will be cured after reboot.;

scvhost.exe;C:\WINDOWS\System32;Win32.IRC.Bot.based;Deleted.;

Update.exe;C:\Program Files\Common Files\{3C600F9F-070B-2057-1001-02051002002c};Trojan.Starter.65;Deleted.;

Update.exe;C:\Program Files\Common Files\{3C600F9F-070A-2057-1001-02051002002c};Trojan.Starter.65;Deleted.;

CTFMON.EXE;C:\WINDOWS\System32;Trojan.MulDrop.2267;Deleted.;

gebcc.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;

MSmedia.exe;C:\WINDOWS;BackDoor.IRC.Sdbot.496;Will be cured after reboot.;

netmon.exe;c:\program files\network monitor;Trojan.DnsChange;Will be cured after reboot.;

rdriv.sys;C:\WINDOWS\system32;Trojan.NtRootKit.61;Will be cured after reboot.;

drsmartload1.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;

dfndrff_9.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;

kybrdff_9.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;

ac3_0010.exe;C:\;Trojan.DownLoader.10918;Deleted.;

nwnmff_9.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;

drsmartload45a8b9abc.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;

drsmartload.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;

drsmartload46a8b9abc.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;

drsmartload849a8b9abc.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;

MTE3NDI6ODoxNg.exe;C:\;Trojan.DownLoader.5013;Deleted.;

Installer3.exe;C:\;Adware.Look2me;Incurable.Moved.;

MSmedia.exe;C:\WINDOWS;BackDoor.IRC.Sdbot.496;Will be cured after reboot.;

bleh.exe;C:\WINDOWS\system32;Win32.IRC.Bot.based;Deleted.;

Isass.exe;C:\WINDOWS\system32;Win32.Parite.2;Deleted.;

uolrys.exe;C:\WINDOWS\system32;BackDoor.IRC.Rxbot;Deleted.;

ikfzvqae.exe;C:\WINDOWS\system32;BackDoor.IRC.Rxbot;Deleted.;

dotdr.exe;C:\WINDOWS\system32;Adware.DollarRevenue;Incurable.Moved.;

gebcc.dll;C:\WINDOWS\system32;Trojan.Virtumod;Will be cured after reboot.;

w004b64c.dll;C:\WINDOWS\system32;Trojan.DownLoader.10919;Deleted.;

ddayv.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

Windows-spyware.exe;C:\WINDOWS\system32;BackDoor.IRC.Sdbot.719;Deleted.;

mawmdm.dll;C:\WINDOWS\system32;Adware.Look2me;Incurable.Moved.;

awvtt.dll;C:\WINDOWS\system32;Trojan.Virtumod;Deleted.;

rdriv.sys;C:\WINDOWS\system32;Trojan.NtRootKit.61;Will be cured after reboot.;

al3[1].txt;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WL2ROHMN;Trojan.DownLoader.10919;Deleted.;

drsmartload45a[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WL2ROHMN;Adware.DollarRevenue;Incurable.Moved.;

drsmartload46a[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WL2ROHMN;Adware.DollarRevenue;Incurable.Moved.;

dfndrff_9[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0PQ7KPMF;Adware.DollarRevenue;Incurable.Moved.;

ac3_0010[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0PQ7KPMF;Trojan.DownLoader.10918;Deleted.;

nwnmff_9[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0PQ7KPMF;Adware.DollarRevenue;Incurable.Moved.;

drsmartload849a[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0PQ7KPMF;Adware.DollarRevenue;Incurable.Moved.;

loader[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KHQNODEV;Adware.DollarRevenue;Incurable.Moved.;

drsmartload[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4HI3WXAR;Adware.DollarRevenue;Incurable.Moved.;

kybrdff_9[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4HI3WXAR;Adware.DollarRevenue;Incurable.Moved.;

oba3.tmp;C:\WINDOWS\Temp;Win32.Parite.2;Deleted.;

tmp00046955;C:\WINDOWS\Temp;Trojan.Virtumod;Deleted.;

asappsrv.dll;C:\WINDOWS\U2lrYQ;Trojan.Proxy.493;Deleted.;

command.exe;C:\WINDOWS\U2lrYQ;Trojan.Proxy.493;Deleted.;

bleh.exe;C:\Documents and Settings\Sika;Win32.IRC.Bot.based;Deleted.;

dotdr.exe;C:\Documents and Settings\Sika;Adware.DollarRevenue;Incurable.Moved.;

tmp0004d1d3;C:\Documents and Settings\Sika\Local Settings\Temp;Trojan.Virtumod;Deleted.;

cmdinst.exe;C:\Documents and Settings\Sika\Local Settings\Temp;Trojan.Proxy.493;Incurable.Moved.;

tmp0006afbb;C:\Documents and Settings\Sika\Local Settings\Temp;Trojan.Virtumod;Deleted.;

podosikik.html\Javascript.0;C:\Program Files\Windows NT\podosikik.html;Trojan.Click.1237;;

podosikik.html;C:\Program Files\Windows NT;Archive contains infected objects;Moved.;

mebeq.html\Javascript.0;C:\Program Files\CyberLink\mebeq.html;Trojan.Click.1237;;

mebeq.html;C:\Program Files\CyberLink;Archive contains infected objects;Moved.;

MyToolBar.dll;C:\Program Files\ToolBar888;Adware.FastSearch;Incurable.Will be moved after reboot.;

netmon.exe;C:\Program Files\Network Monitor;Trojan.DnsChange;Will be cured after reboot.;

A0001248.sys;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.NtRootKit.61;Deleted.;

A0002248.sys;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.NtRootKit.61;Deleted.;

A0002249.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Win32.IRC.Bot.based;Deleted.;

A0002256.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.DownLoader.9440;Deleted.;

A0002264.SYS;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.NtRootKit.61;Deleted.;

A0002266.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Win32.IRC.Bot.based;Deleted.;

A0002269.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.Starter.65;Deleted.;

A0002271.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Adware.DollarRevenue;Incurable.Moved.;

A0003263.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Win32.IRC.Bot.based;Deleted.;

A0003264.SYS;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.NtRootKit.61;Deleted.;

A0003271.EXE;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Win32.IRC.Bot.based;Deleted.;

A0003272.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;BackDoor.IRC.Sdbot.723;Deleted.;

A0003273.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;BackDoor.IRC.Rxbot;Deleted.;

A0003274.dll;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Adware.Look2me;Incurable.Moved.;

A0003279.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Win32.IRC.Bot.based;Deleted.;

A0003280.SYS;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.NtRootKit.61;Deleted.;

A0003281.dll;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Adware.Look2me;Incurable.Moved.;

A0003282.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.Starter.65;Deleted.;

A0003283.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.Starter.65;Deleted.;

A0003284.EXE;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.MulDrop.2267;Deleted.;

A0003286.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.DownLoader.10918;Deleted.;

A0003287.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.DownLoader.5013;Deleted.;

A0003288.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Win32.IRC.Bot.based;Deleted.;

A0003289.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Win32.Parite.2;Deleted.;

A0003290.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;BackDoor.IRC.Rxbot;Deleted.;

A0003291.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;BackDoor.IRC.Rxbot;Deleted.;

A0003292.dll;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.DownLoader.10919;Deleted.;

A0003293.dll;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.Virtumod;Deleted.;

A0003294.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;BackDoor.IRC.Sdbot.719;Deleted.;

A0003295.dll;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.Virtumod;Deleted.;

A0003296.dll;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.Proxy.493;Deleted.;

A0003297.exe;C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1;Trojan.Proxy.493;Deleted.;

csrs.exe;C:\!KillBox;BackDoor.IRC.Rxbot;Deleted.;

winIogon.exe;C:\!KillBox;BackDoor.IRC.Sdbot.723;Deleted.;

 

HiJackThis:

Logfile of HijackThis v1.99.1

Scan saved at 02:33:40, on 13/08/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\MSmedia.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Sika\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebcc.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155428199093

O17 - HKLM\System\CCS\Services\Tcpip\..\{92C24AF5-5AA7-4BF9-BCA1-B34B15BE2937}: NameServer = 83.146.21.5 212.158.248.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{21430AFA-DA6E-4060-A501-74626BC04C80}: NameServer = 83.146.21.5 212.158.248.6

O20 - Winlogon Notify: gebcc - C:\WINDOWS\SYSTEM32\gebcc.dll

O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\p0n80a5ued.dll

O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

 

Can I update my Windows now?


* I notice that you do not seem to be running antivirus software. This is somewhat suicidal in today's digital world. AVG makes an excellent free antivirus client, as do AntiVir or avast!.

 

* Please download Look2Me-Destroyer.exe to your desktop.

 

* Close all windows before continuing.

* Double-click Look2Me-Destroyer.exe to run it.

* Put a check next to Run this program as a task.

* You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK

* When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.

* Once it's done scanning, click the Remove L2M button.

* You will receive a Done Scanning message, click OK.

* When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.

* Your computer will then shutdown.

* Turn your computer back on.

 

If you receive a message from your firewall about this program accessing the internet please allow it.

 

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

 

 

* Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

* Please post the contents of C:\Look2Me-Destroyer.txt and C:\vundofix.txt and a new HiJackThis log!


VundoFix did not find anything so didn't make a txt file, but AVG was picking up a couple of viruses but it stopped now.

Look2Me log:

 

Look2Me-Destroyer V1.0.12

 

Scanning for infected files.....

Scan started at 13/08/2006 21:58:24

 

Infected! C:\WINDOWS\system32\kt00l7dm1.dll

 

Attempting to delete infected files...

 

Attempting to delete: C:\WINDOWS\system32\kt00l7dm1.dll

C:\WINDOWS\system32\kt00l7dm1.dll Deleted successfully!

 

Making registry repairs.

 

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Controls Folder

 

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{1F74F79A-587F-48E3-B316-5374CC4CC7F9}"

HKCR\Clsid\{1F74F79A-587F-48E3-B316-5374CC4CC7F9}

 

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{BF9A54A8-A393-4354-AE6E-F1E759233D44}"

HKCR\Clsid\{BF9A54A8-A393-4354-AE6E-F1E759233D44}

 

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{C41C9713-C845-4EBB-827A-B2AA258C0B7F}"

HKCR\Clsid\{C41C9713-C845-4EBB-827A-B2AA258C0B7F}

 

Restoring Windows certificates.

 

Replaced hosts file with default windows hosts file

 

 

Restoring SeDebugPrivilege for Administrators - Succeeded

 

Hijack this log:

Logfile of HijackThis v1.99.1

Scan saved at 22:06:46, on 13/08/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sika\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebcc.dll (file missing)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155428199093

O17 - HKLM\System\CCS\Services\Tcpip\..\{92C24AF5-5AA7-4BF9-BCA1-B34B15BE2937}: NameServer = 83.146.21.5 212.158.248.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{21430AFA-DA6E-4060-A501-74626BC04C80}: NameServer = 83.146.21.5 212.158.248.6

O20 - Winlogon Notify: gebcc - gebcc.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

 

Can you recommend a good firewall?


* First download ewido anti-spyware from HERE and save that file to your desktop.

This is a 30 day trial of the program

  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

Close ewido anti-spyware, Do Not run a scan just yet, we will shortly.

 

* If you do not already have Ad-Aware SE 1.06 installed, follow these download and setup instructions. Also check for updates:

Ad-Aware SE Setup

Again, do NOT run a scan yet.

 

 

* Next, please reboot your computer in Safe Mode by doing the following:

  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.

* Please open hijackthis and put a check next to the following:

 

O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebcc.dll (file missing)

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

 

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

 

* Next, run Ad-aware and perform a full scan. Remove everything found.

  1. Launch ewido anti-spyware by double-clicking the icon on your desktop.
  2. Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  3. ewido will now begin the scanning process; be patient, this may take a little time.
    Once the scan is complete do the following:
  4. If you have any infections you will be prompted, then select "Apply all actions"
  5. Next select the "Reports" icon at the top.
  6. Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).

* Restart your computer in normal mode.

 

* Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.

If you use Firefox browser

    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

 

* After that, post a new hijackthis log here with the report from ewido


Hijackthis log:

Logfile of HijackThis v1.99.1

Scan saved at 00:05:49, on 14/08/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sika\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com

F2 - REG:system.ini: UserInit=userinit.exe

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155428199093

O17 - HKLM\System\CCS\Services\Tcpip\..\{92C24AF5-5AA7-4BF9-BCA1-B34B15BE2937}: NameServer = 83.146.21.5 212.158.248.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{21430AFA-DA6E-4060-A501-74626BC04C80}: NameServer = 83.146.21.5 212.158.248.6

O20 - Winlogon Notify: gebcc - gebcc.dll (file missing)

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

 

ewido report:

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 23:55:50 13/08/2006

 

+ Scan result:

 

 

 

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\A0003274.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\A0003281.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\Installer3.exe -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\mawmdm.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003309.exe -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003311.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003317.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003322.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003326.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003332.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003335.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003346.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003347.dll -> Adware.Look2Me : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\MyToolBar.dll -> Adware.Softomate : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003316.dll -> Adware.Softomate : Cleaned with backup (quarantined).

C:\Program Files\ToolBar888 -> Adware.ToolBar888 : Cleaned with backup (quarantined).

C:\Program Files\ToolBar888\Activate.exe -> Adware.ToolBar888 : Cleaned with backup (quarantined).

C:\Program Files\ToolBar888\Uninst.exe -> Adware.ToolBar888 : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003344.dll -> Backdoor.Agent.ff : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003348.exe -> Backdoor.Agobot.afk : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\dotdr.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\dotdr__0.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\woa32.exe/dotdr.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003266.exe/dotdr.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003310.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003312.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\WINDOWS\system32\woa32.exe/dotdr.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\drsmartload45a8b9abc.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\drsmartload45a[1].exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\drsmartload46a8b9abc.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\drsmartload46a[1].exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\drsmartload849a8b9abc.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\drsmartload849a[1].exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003305.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003307.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003308.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\nwnmff_9.exe -> Downloader.Adload.eb : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\nwnmff_9[1].exe -> Downloader.Adload.eb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003304.exe -> Downloader.Adload.eb : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\kybrdff_9.exe -> Downloader.Adload.ec : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\kybrdff_9[1].exe -> Downloader.Adload.ec : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003303.exe -> Downloader.Adload.ec : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\woa32.exe/dotrm.dll -> Downloader.ConHook.ad : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003266.exe/dotrm.dll -> Downloader.ConHook.ad : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003336.DLL -> Downloader.ConHook.ad : Cleaned with backup (quarantined).

C:\WINDOWS\system32\woa32.exe/dotrm.dll -> Downloader.ConHook.ad : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\A0002271.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\drsmartload.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\drsmartload1.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\drsmartload[1].exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\loader[1].exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003301.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003306.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003300.exe -> Dropper.Agent.ye : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003298.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003299.exe -> Dropper.Paradrop.a : Cleaned with backup (quarantined).

C:\Program Files\Thomson SpeedTouch\ST330\WebInstaller\STHIW\stInstall.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0000113.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0000123.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0000142.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0000230.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0000248.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\mebeq.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\podosikik.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\dfndrff_9.exe -> Hijacker.VB.or : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\DoctorWeb\Quarantine\dfndrff_9[1].exe -> Hijacker.VB.or : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003302.exe -> Hijacker.VB.or : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003315.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003314.sys -> Rootkit.Agent.o : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003331.SYS -> Rootkit.Agent.o : Cleaned with backup (quarantined).

C:\WINDOWS\system32\rdriv.sys -> Rootkit.Agent.o : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).

C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Top-banners : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

C:\WINDOWS\system32\config\systemprofile\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

 

 

::Report end


* Launch Ewido and in the main window click "Realtime protection" (in green indicating "Active") to change to inactive.

 

* Please open hijackthis and put a check next to the following:

 

O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)

O20 - Winlogon Notify: gebcc - gebcc.dll (file missing)

 

* After you check the items you want to fix, close all browsers and windows, except for HijackThis, then click on the Fix Checked button on HijackThis.

 

* After that, post a new hijackthis log here and tell me how everything is working.


Thank you very much. I don't seem to have any more virus errors or problems downloading Microsoft updates. The small minor problem is that my Internet Explorer doesn't display pages and I need to refresh it 5 times to get it to show the page.

 

HijackThis log:

Logfile of HijackThis v1.99.1

Scan saved at 11:45:42, on 14/08/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Sika\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com

F2 - REG:system.ini: UserInit=userinit.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [sUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1155428199093

O17 - HKLM\System\CCS\Services\Tcpip\..\{92C24AF5-5AA7-4BF9-BCA1-B34B15BE2937}: NameServer = 83.146.21.5 212.158.248.6

O17 - HKLM\System\CS2\Services\Tcpip\..\{21430AFA-DA6E-4060-A501-74626BC04C80}: NameServer = 83.146.21.5 212.158.248.6

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

 

Thanks again

 

And btw I have like two antiviruses, do I need to get rid of one? I have AVG and ewido.

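The fix-and-recheck loop in the posts above (check the "(file missing)" entries, click Fix Checked, post a fresh log) can be verified mechanically. The following is an added example, not part of the original thread and not a HijackThis feature: a small Python parser run over excerpts of the three logs quoted above, with hypothetical function names (`parse_log`, `orphaned`, `still_present`).

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A HijackThis item line is "<section code> - <details>", e.g. "O23 - Service: ...".
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"

# Excerpts copied from this thread: the first fix list, then the logs posted
# after the first and after the second "Fix Checked" round.
FIX_LIST_1 = r"""
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebcc.dll (file missing)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

LOG_AFTER_FIRST_FIX = r"""
Logfile of HijackThis v1.99.1
Scan saved at 00:05:49, on 14/08/2006
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.timecomputers.com/
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing)
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: gebcc - gebcc.dll (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

LOG_AFTER_SECOND_FIX = r"""
Logfile of HijackThis v1.99.1
Scan saved at 11:45:42, on 14/08/2006
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""


@dataclass(frozen=True)
class Item:
    code: str             # section code such as "O3" or "O23"
    body: str             # details with the "(file missing)" suffix stripped
    clsid: Optional[str]  # upper-cased CLSID if the line carries one
    file_missing: bool    # True when HijackThis could not find the target file


def parse_log(text: str) -> List[Item]:
    """Return the item lines of a log; header and process lines are skipped."""
    items = []
    for raw in text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        clsid = CLSID_RE.search(body)
        items.append(Item(m.group("code"), body,
                          clsid.group(0).upper() if clsid else None, missing))
    return items


def orphaned(items: List[Item]) -> List[Item]:
    """Entries whose registry reference survives although the file is gone."""
    return [i for i in items if i.file_missing]


def item_key(item: Item):
    # Windows paths and registry names are case-insensitive.
    return (item.code, item.body.lower())


def still_present(fixed: List[Item], later: List[Item]) -> List[Item]:
    """Entries that were selected for fixing but show up again in a later log."""
    later_keys = {item_key(i) for i in later}
    return [i for i in fixed if item_key(i) in later_keys]


if __name__ == "__main__":
    first_fix = parse_log(FIX_LIST_1)
    second_log = parse_log(LOG_AFTER_FIRST_FIX)
    for item in still_present(first_fix, second_log):
        print("survived the first fix:", item.code, item.body)
    for item in orphaned(second_log):
        print("orphaned in second log:", item.code, item.body)
    survivors = still_present(orphaned(second_log), parse_log(LOG_AFTER_SECOND_FIX))
    print("left after second fix:", len(survivors))
```

On these excerpts the ToolBar888 O3 entry survives the first round and the gebcc Winlogon Notify entry is still orphaned, which matches the second fix list in the thread; both are gone from the 11:45 log.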

Ewido is NOT an antivirus. :D

 

Go to http://windowsupdate.microsoft.com/ and install service pack 2 and the update after SP2

 

Finally, post a new hijackthis log here and tell me how everything is working. :)


I just tried to upgrade Microsoft and there were 52 critical updates which I downloaded, but after I installed them my computer kept constantly restarting, then I was taken to a menu where I could choose from safe mode, last known good configuration and run Windows normally. I tried run Windows normally, took me back to same screen; tried last known good configuration, took me back to same screen, so I had to uninstall all 52 updates before I got my PC to work again.... Any idea why this happened?


Hmm, can you redo the step with dr.web and post me the report here?


Ok, can I see a new hijackthis log? :)


I'm now having problems with the computer randomly restarting and a message saying it has recovered from a fatal error or something.

 

Logfile of HijackThis v1.99.1

Scan saved at 18:50:29, on 16/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Sika\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com

O4 - HKLM\..\Run: [sUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{92C24AF5-5AA7-4BF9-BCA1-B34B15BE2937}: NameServer = 83.146.21.5 212.158.248.6

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe


What happened to AVG? Re-install it!

 

Also, scan again with an up-to-date ewido in safe mode, and post the report of it here with a new hijackthis log


---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 20:27:54 16/08/2006

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003361.exe/dotdr.exe -> Downloader.Adload.ch : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003362.exe/dotdr.exe -> Downloader.Adload.ch : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003363.exe -> Downloader.Adload.ch : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003364.exe -> Downloader.Adload.ch : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003377.exe -> Downloader.Adload.ds : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003378.exe -> Downloader.Adload.ds : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003379.exe -> Downloader.Adload.ds : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003380.exe -> Downloader.Adload.ds : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003381.exe -> Downloader.Adload.ds : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003382.exe -> Downloader.Adload.ds : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003375.exe -> Downloader.Adload.eb : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003376.exe -> Downloader.Adload.eb : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003373.exe -> Downloader.Adload.ec : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003374.exe -> Downloader.Adload.ec : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003361.exe/dotrm.dll -> Downloader.ConHook.ad : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003362.exe/dotrm.dll -> Downloader.ConHook.ad : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003366.exe -> Downloader.VB.agk : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003367.exe -> Downloader.VB.agk : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003368.exe -> Downloader.VB.agk : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003369.exe -> Downloader.VB.agk : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003370.exe -> Downloader.VB.agk : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003388.exe -> Heuristic.Win32.Dialer : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003371.exe -> Hijacker.VB.or : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003372.exe -> Hijacker.VB.or : No action taken.

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003365.sys -> Rootkit.Agent.o : No action taken.

:mozilla.113:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.2o7 : No action taken.

:mozilla.114:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.2o7 : No action taken.

:mozilla.115:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.2o7 : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : No action taken.

:mozilla.169:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : No action taken.

:mozilla.170:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : No action taken.

:mozilla.171:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : No action taken.

:mozilla.172:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : No action taken.

:mozilla.173:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : No action taken.

:mozilla.56:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adtech : No action taken.

:mozilla.57:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adtech : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : No action taken.

:mozilla.300:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Advertising : No action taken.

:mozilla.301:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Advertising : No action taken.

:mozilla.302:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Advertising : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : No action taken.

:mozilla.61:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Atdmt : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken.

:mozilla.223:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Bluestreak : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : No action taken.

:mozilla.67:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Burstbeacon : No action taken.

:mozilla.66:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Burstnet : No action taken.

:mozilla.52:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Casalemedia : No action taken.

:mozilla.53:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Casalemedia : No action taken.

:mozilla.54:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Casalemedia : No action taken.

:mozilla.89:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Com : No action taken.

:mozilla.55:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Doubleclick : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : No action taken.

:mozilla.83:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : No action taken.

:mozilla.84:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : No action taken.

:mozilla.85:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : No action taken.

:mozilla.86:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : No action taken.

:mozilla.87:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : No action taken.

:mozilla.81:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Falkag : No action taken.

:mozilla.101:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : No action taken.

:mozilla.106:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : No action taken.

:mozilla.108:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : No action taken.

:mozilla.109:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : No action taken.

:mozilla.110:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : No action taken.

:mozilla.239:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : No action taken.

:mozilla.241:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : No action taken.

:mozilla.242:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : No action taken.

:mozilla.243:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : No action taken.

:mozilla.294:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : No action taken.

:mozilla.264:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hotlog : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : No action taken.

:mozilla.79:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Mediaplex : No action taken.

:mozilla.80:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Mediaplex : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : No action taken.

:mozilla.184:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Pointroll : No action taken.

:mozilla.185:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Pointroll : No action taken.

:mozilla.186:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Pointroll : No action taken.

:mozilla.187:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Pointroll : No action taken.

:mozilla.118:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Questionmarket : No action taken.

:mozilla.119:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Questionmarket : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Questionmarket : No action taken.

:mozilla.290:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Serving-sys : No action taken.

:mozilla.291:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Serving-sys : No action taken.

:mozilla.292:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Serving-sys : No action taken.

:mozilla.293:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Serving-sys : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : No action taken.

:mozilla.304:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Sitestat : No action taken.

:mozilla.263:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Spylog : No action taken.

:mozilla.129:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Statcounter : No action taken.

:mozilla.274:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tacoda : No action taken.

:mozilla.275:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tacoda : No action taken.

:mozilla.276:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tacoda : No action taken.

:mozilla.47:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tradedoubler : No action taken.

:mozilla.227:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tribalfusion : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : No action taken.

:mozilla.100:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : No action taken.

:mozilla.102:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : No action taken.

:mozilla.103:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : No action taken.

:mozilla.104:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : No action taken.

:mozilla.105:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : No action taken.

:mozilla.107:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : No action taken.

:mozilla.111:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : No action taken.

:mozilla.68:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valueclick : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : No action taken.

:mozilla.35:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.36:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.37:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.38:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.39:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.40:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : No action taken.

:mozilla.41:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : No action taken.

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.

 

 

::Report end

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 20:31:20, on 16/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Sika\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com

O4 - HKLM\..\Run: [sUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{92C24AF5-5AA7-4BF9-BCA1-B34B15BE2937}: NameServer = 83.146.21.5 212.158.248.6

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

 

Installing AVG now.


Are you sure you quarantined everything with ewido? Because the log says 'no action taken'.


OK, can I see a new HijackThis log?


I managed to get the antivirus to run yesterday; here's the log:

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 23:47:47 17/08/2006

 

+ Scan result:

 

 

 

C:\Documents and Settings\Sika\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Local Settings\Temporary Internet Files\Content.IE5\4PKJKRW7\ares[1].exe/VVSN.exe -> Adware.SaveNow : Cleaned with backup (quarantined).

HKLM\SOFTWARE\WhenUSave -> Adware.SaveNow : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003361.exe/dotdr.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003362.exe/dotdr.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003363.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003364.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003377.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003378.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003379.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003380.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003381.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003382.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003375.exe -> Downloader.Adload.eb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003376.exe -> Downloader.Adload.eb : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003373.exe -> Downloader.Adload.ec : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003374.exe -> Downloader.Adload.ec : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003361.exe/dotrm.dll -> Downloader.ConHook.ad : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003362.exe/dotrm.dll -> Downloader.ConHook.ad : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003366.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003367.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003368.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003369.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003370.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003388.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003371.exe -> Hijacker.VB.or : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003372.exe -> Hijacker.VB.or : Cleaned with backup (quarantined).

C:\System Volume Information\_restore{7EF2FCF7-1ABA-470E-A97D-021F2A361541}\RP1\A0003365.sys -> Rootkit.Agent.o : Cleaned with backup (quarantined).

:mozilla.113:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.114:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.115:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.138:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.64:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).

:mozilla.86:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.87:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.89:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.90:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Adbrite : Cleaned with backup (quarantined).

:mozilla.139:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.140:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.141:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.142:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.143:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.169:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.170:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.171:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.172:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.173:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adrevolver : Cleaned with backup (quarantined).

:mozilla.47:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

:mozilla.48:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

:mozilla.56:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

:mozilla.57:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Adtech : Cleaned with backup (quarantined).

:mozilla.12:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.13:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.14:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.300:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.301:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.302:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).

:mozilla.53:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

:mozilla.61:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).

:mozilla.223:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).

:mozilla.52:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).

:mozilla.67:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).

:mozilla.55:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

:mozilla.56:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

:mozilla.57:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

:mozilla.66:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).

:mozilla.52:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.53:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.54:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).

:mozilla.107:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).

:mozilla.89:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Com : Cleaned with backup (quarantined).

:mozilla.46:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

:mozilla.55:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).

:mozilla.83:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.84:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.85:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.86:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.87:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).

:mozilla.81:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Falkag : Cleaned with backup (quarantined).

:mozilla.101:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.106:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.108:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.109:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.110:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.24:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.30:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.31:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.32:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.33:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.34:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).

:mozilla.15:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).

:mozilla.19:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).

:mozilla.20:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup (quarantined).

:mozilla.111:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.112:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.113:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.239:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.241:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.242:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.243:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

:mozilla.294:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).

:mozilla.264:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Hotlog : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).

:mozilla.79:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

:mozilla.80:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

:mozilla.94:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).

:mozilla.184:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).

:mozilla.185:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).

:mozilla.186:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).

:mozilla.187:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).

:mozilla.118:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

:mozilla.119:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

:mozilla.66:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

:mozilla.67:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

:mozilla.68:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned with backup (quarantined).

:mozilla.290:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.291:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.292:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.293:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).

:mozilla.304:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Sitestat : Cleaned with backup (quarantined).

:mozilla.263:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Spylog : Cleaned with backup (quarantined).

:mozilla.129:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).

:mozilla.274:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

:mozilla.275:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

:mozilla.276:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).

:mozilla.106:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).

:mozilla.47:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).

:mozilla.227:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

:mozilla.58:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).

:mozilla.100:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.102:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.103:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.104:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.105:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.107:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.111:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.35:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.36:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.37:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.38:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.39:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.40:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup (quarantined).

:mozilla.68:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned with backup (quarantined).

:mozilla.35:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.36:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.37:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.38:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.39:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.40:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.41:C:\FOUND.000\FILE0012.CHK -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.69:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.70:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.71:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.72:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.73:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.74:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

:mozilla.75:C:\Documents and Settings\Sika\Application Data\Mozilla\Firefox\Profiles\uo18dx2x.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

C:\Documents and Settings\Sika\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).

 

 

::Report end

 

Hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 14:36:14, on 18/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Sika\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com

O4 - HKLM\..\Run: [sUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{92C24AF5-5AA7-4BF9-BCA1-B34B15BE2937}: NameServer = 83.146.21.5 212.158.248.6

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe

 

I saw something about system restore. Do you think the system restore files still contain the virus?


I see you still haven't an antivirus installed...


I've installed the anti-virus now.

 

My computer is still randomly crashing and my web pages have to be refreshed many times before they show the page.

 

Logfile of HijackThis v1.99.1

Scan saved at 09:15:53, on 20/08/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Thomson SpeedTouch\ST330\service\st330service.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\Program Files\Thomson SpeedTouch\ST330\diagnostics\diagnostics.exe

C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Sika\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.timecomputers.com

O4 - HKLM\..\Run: [sUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\status.exe

O4 - HKLM\..\Run: [diagnostics] "C:\Program Files/Thomson SpeedTouch/ST330/diagnostics/diagnostics.exe" /icon -l:en

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [VTPreset] VTPreset.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{92C24AF5-5AA7-4BF9-BCA1-B34B15BE2937}: NameServer = 83.146.21.5 212.158.248.6

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

O23 - Service: SpeedTouch 330 Manager (st330service) - THOMSON Telecom Belgium - C:\Program Files/Thomson SpeedTouch/ST330/service/st330service.exe


I don't think this is caused by malware, or maybe your OS is damaged by the removed malware, so it's better to format, or ask in the issue's forum if they know an answer. :)
