Hi CalamityJane,

My partner's PC (Windows XP) is also infected with the [email protected] virus. Pop-ups (including ###### ads keep popping up, to the embarrassment of the kids) and the homepage is hijacked. Norton has not detected it, let alone fixed it.

I have read the whole thread with interest. However, since the thread has evolved, I was wondering whether you would be kind enough to post a definitive procedure to eliminate this pest.

Many thanks,

Leo


Hi Leo,

This morning (May 17) Adaware has had a major update (SE1R108 17.05.2006) which hopefully addresses this pest. So first, please update your Adaware program and do a full system scan:

Please can you make sure that you are using Ad-aware SE Build 106r1.

Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

[If not, uninstall your old Ad-aware first, then install SE.]

Then use the WebUpDate to get the latest Definition file: SE1R108 17.05.2006

To do this, open Ad-aware.

Click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).

Click "Connect".

Ad-aware will then download the latest Definition file for you.

To make sure it is updated, look at the main Ad-aware screen, and look under "Initialization Status". It should say the latest Definition file.

Then scan, doing a "Full Scan", and then post your logfile in a NEW topic by using the Add-Reply feature.

Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.

The previous fix we were using (before this update) is listed here (the second post in this thread by me):

http://www.lavasoftsupport.com/index.php?s...findpost&p=1416

I need some folks with this infection to please update and scan with Adaware and post your logs in a new topic so I can see if it is getting all of it.


Ok, good luck, Leo.

We're here to help if you still need it after that ;)

(Just make sure you post your logs into a new topic so we don't have everyone all tangled up in one thread) :)


I need some help too, please.

Logfile of HijackThis v1.99.1

Scan saved at 12:49:19 AM, on 6/22/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\program files\support.com\client\bin\tgcmd.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\Program Files\Common Files\AOL\1109633275\ee\AOLSoftware.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\LogiTray.exe

C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

C:\Program Files\Logitech\ImageStudio\LogiTray.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\AOL\1109633275\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\system32\ezSP_Px.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Logitech\Video\FxSvr2.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

C:\Program Files\WiFiConnector\NintendoWFCReg.exe

C:\PROGRA~1\Webshots\webshots.scr

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\System32\dllhost.exe

C:\Program Files\AIM\aim.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\LiLLz\Desktop\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.excite.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=566...rosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe

O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe

O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe

O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe

O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe

O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=063006 serial=WS12WCX-0203227-XWJ

O4 - HKLM\..\Run: [DeskMateAutoUpdate] C:\PROGRA~1\DESKMA~1\DeskMateAutoUpdate.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [AOLSPScheduler] C:\Program Files\Common Files\AOL\1109633275\ee\services\sscAntiSpywarePlugin\ver1_10_3_1\AOLSP Scheduler.exe

O4 - HKLM\..\Run: [sscRun] C:\Program Files\Common Files\AOL\1109633275\ee\services\sscFirewallPlugin\ver1_10_3_1\SSCRun.exe

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Startup: Oska DeskMate.LNK = C:\Program Files\DeskMates\Oska\Oska.exe

O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\PartyGaming\PartyPoker\RunApp.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/support/pops/mdldetect/VaioInfo.CAB

O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1F3B670D-4AD5-24CF-6B32-73FD6DAE7FAB} - http://85.255.113.214/1/gdnUS2338.exe

O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLaunc...iveLauncher.cab

O16 - DPF: {42C9E5EE-DA49-49B4-8ECC-1CAB1C51A2AB} (HomePrintingCtrl Class) - http://www.kodakgallery.com/downloads/hmpr..._1/axhomepr.cab

O16 - DPF: {4925E497-BDA4-26F6-F580-171812647E39} - http://85.255.113.214/1/gdnUS2338.exe

O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com/computercheckup/qdiagcc.cab

O16 - DPF: {4F3BAAAE-D6F6-6BFF-00E6-095D04847D4C} - http://85.255.113.214/1/gdnUS2338.exe

O16 - DPF: {56B0C705-6811-29D7-2EFD-10203F389077} - http://85.255.113.214/1/gdnUS2339.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120401972640

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132429531875

O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._1/axofupld.cab

O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...0/installer.exe

O18 - Protocol: bw+0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw+0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw-0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw00s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw10s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw20s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw30s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw40s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw50s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw60s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw70s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw80s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bw90s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwa0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwb0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwc0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwd0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwe0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwf0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: bwg0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwg0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwh0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwi0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwj0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwk0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwl0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwm0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwn0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwo0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwp0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwq0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwr0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bws0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwt0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwu0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwv0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bww0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwx0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwy0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: bwz0s - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O18 - Protocol: offline-8876480 - {7C8AE208-973F-47AC-B458-D93A8EE04F45} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe" /Service=VAIOMediaPlatform-MusicServer-AppServer /DisplayName="VAIO Media Music Server (file missing)

O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-MusicServer-HTTP /RegRoot="Software\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\MusicServer\HTTP (file missing)

O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe

O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-PhotoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\PhotoServer\HTTP (file missing)

O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe" /Service=VAIOMediaPlatform-VideoServer-AppServer /DisplayName="VAIO Media Video Server (file missing)

O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Unknown owner - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-VideoServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Applications\VideoServer\HTTP (file missing)

O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe


@JAP208 Hi and welcome :unsure:

This is now an old topic. It belongs to the original poster only (pahurley).

If you need assistance, please post your own NEW TOPIC in this forum:

http://www.lavasoftsupport.com/index.php?showforum=36

Please follow these instructions first, however:

IMPORTANT - Before Posting a HijackThis Log

http://www.lavasoftsupport.com/index.php?showtopic=660

We will need your Adaware SE log first, then you may post a HijackThis log.

Please can you make sure that you are using Ad-aware SE Build 106r1.

Note: If your version is 6.0 and not the SE, you need to uninstall and get the latest version from the above link.

[If not, uninstall your old Ad-aware first, then install SE.]

Then use the WebUpDate to get the latest Definition file: SE1R112 15.06.2006

To do this, open Ad-aware.

Click the WebUpDate button at the top right-hand side of the Ad-aware screen (the world globe).

Click "Connect".

Ad-aware will then download the latest Definition file for you.

To make sure it is updated, look at the main Ad-aware screen, and look under "Initialization Status". It should say the latest Definition file.

Then scan, doing a "Full Scan", and then post your logfile here by using the Add-Reply feature.

Logs are stored in:

C:\Documents and Settings\USERNAME\Application Data\Lavasoft\Ad-aware\Logs\.

An easy way to get there is to click Start, click Run, and type in and press ENTER: %appdata%

Then click Lavasoft, then Ad-Aware, and then Logs.

Scroll down to find the latest one that you have (by date & time), open it, right-click, select all, copy, and then paste the contents of it here.

(Make sure that all of your logfile has been posted; sometimes it will require two posts to get it all.)

I recommend that you use the WebUpDate just before you scan; that way you will always be up to date.

(Note: The Application Data is a hidden folder, so you will need to show hidden files and folders.)


Hi

 

I have got the same problem with [email protected] virus. I have followed your instructions until #8. I couldn't get to this page:

http://www.pandasoftware.com/activescan/co...n_principal.htm

 

However, I have managed to download HijackThis from another source.

 

Please can you help to review my report below. I found that some viruses are still in my computer. Sometimes Ewido pops up virus found and there is still the virus found icon on the taskbar.

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 4:03:05 AM 7/6/2006

 

+ Scan result:

 

 

 

C:\WINDOWS\Downloaded Program Files\YazzleActiveX.ocx -> Adware.MediaTickets : Cleaned.

C:\WINDOWS\YAXUninst.exe -> Adware.MediaTickets : Cleaned.

C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.

C:\WINDOWS\g305593.dll -> Downloader.Delf.amb : Cleaned.

[232] C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.

[768] C:\WINDOWS\g1922312.dll -> Downloader.Delf.amb : Cleaned.

C:\Documents and Settings\Administrator\Local Settings\Temp\OA.exe -> Downloader.PurityScan.cq : Cleaned.

C:\Program Files\Common Files\Y1123OA.exe -> Downloader.PurityScan.cq : Cleaned.

C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.wo : Cleaned.

C:\WINDOWS\system32\oins.exe -> Dropper.Small : Cleaned.


C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\D1NKFR8O\bgates[1].exe -> Trojan.Dialer.pz : Cleaned.

C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\GDUJ8HAB\srvhsf[1].exe -> Trojan.Pakes : Cleaned.

C:\WINDOWS\Temp\winDD.tmp.exe -> Trojan.Pakes : Cleaned.

C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned.

C:\WINDOWS\system32\1024\ld2E4E.tmp -> Trojan.Small : Cleaned.

C:\WINDOWS\system32\1024\ld33B9.tmp -> Trojan.Small : Cleaned.

C:\WINDOWS\system32\1024\ld8CB7.tmp -> Trojan.Small : Cleaned.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\kernel32.dll -> Trojan.Small : Cleaned.

 

 

::Report end

 

------------------------------------------------------------------------

SmitFraudFix v2.67

 

Scan done at 4:07:28.65, Thu 07/06/2006

Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

 

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]

@="C:\WINDOWS\g1922312.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]

@="C:\WINDOWS\g1922312.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\dcomcfg.exe Deleted

C:\WINDOWS\system32\hp???.tmp Deleted

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\regperf.exe Deleted

C:\WINDOWS\system32\simpole.tlb Deleted

C:\WINDOWS\system32\stdole3.tlb Deleted

C:\WINDOWS\system32\ts.ico Deleted

C:\DOCUME~1\ALLUSE~1\DESKTOP\Online Security Guide.url Deleted

C:\DOCUME~1\ADMINI~1\FAVORI~1\Antivirus Test Online.url Deleted

C:\Program Files\SpyQuake2.com\ Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"furnariidae"="{89e4aaba-3b21-49b3-b922-8ca35193c68e}"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

 

[HKEY_CLASSES_ROOT\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]

@="C:\WINDOWS\g1922312.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InProcServer32]

@="C:\WINDOWS\g1922312.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

------------------------------------------------------------------

Logfile of HijackThis v1.99.1

Scan saved at 4:27:08 AM, on 7/6/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe

C:\PROGRA~1\mcafee.com\agent\mcagent.exe

c:\progra~1\mcafee.com\vso\mcvsescn.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\ctfmon.exe

C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe

C:\WINDOWS\system32\clc.exe

C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe

C:\Program Files\Dict95\bin\MagicLnk.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\1-Click Answers\answers.exe

C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Program Files\1-Click Answers\agtserv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\fxssvc.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

C:\WINDOWS\system32\regsvr32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2K0.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [internetCalls] "C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe" -nosplash -minimized

O4 - HKCU\..\Run: [Ouoe] "C:\DOCUME~1\ADMINI~1\APPLIC~1\ICROSO~1.NET\ping.exe" -vt yax

O4 - HKCU\..\Run: [clc] C:\WINDOWS\system32\clc.exe

O4 - Global Startup: Digimax Viewer 2.1.lnk = ?

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Magic Linker.lnk = C:\Program Files\Dict95\bin\MagicLnk.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = ?

O4 - Global Startup: 1-Click Answers.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Google AdSense Preview Tool - http://pagead2.googlesyndication.com/pagea...en/preview.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O15 - Trusted Zone: http://www.phuketgazette.net

O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g1922312.dll

O20 - Winlogon Notify: winmmt32 - C:\WINDOWS\SYSTEM32\winmmt32.dll

O21 - SSODL: furnariidae - {89e4aaba-3b21-49b3-b922-8ca35193c68e} - C:\WINDOWS\system32\zlara.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe

O23 - Service: MySql - Unknown owner - C:\IBserver\mysql\bin\mysqld-opt.exe

 

-------------------------------------------------------------------


Hi panya,

 

You are posting in someone else's topic. Please post your own NEW TOPIC and someone will review your logs as soon as available. Be sure to include your Adaware SE scan logs as well.

 

Use this button to start a new topic


Here are my log reports after performing all the instructions from CalamityJane. Can someone tell me whether I am still infected?

 

SmitFraudFix v2.68b

 

Scan done at 14:10:34.06, 07/07/2006

Run from C:\Documents and Settings\tahseen\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

Fix ran in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}"="Reload Browse"

 

[HKEY_CLASSES_ROOT\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}\InProcServer32]

@="C:\WINDOWS\system32\svchosts.dll"

 

[HKEY_CURRENT_USER\Software\Classes\CLSID\{A2D9D3F0-8C2A-2A1D-A376-1BECFB10AB72}\InProcServer32]

@="C:\WINDOWS\system32\svchosts.dll"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"fairydom"="{5839511e-ec1b-4f91-ace3-fb88e52f5239}"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

C:\WINDOWS\system32\svchosts.dll -> Missing File

 

C:\WINDOWS\system32\jevtxpg.dll -> Missing File

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

C:\WINDOWS\system32\dcomcfg.exe Deleted

C:\WINDOWS\system32\hp???.tmp Deleted

C:\WINDOWS\system32\ld???.tmp Deleted

C:\WINDOWS\system32\ot.ico Deleted

C:\WINDOWS\system32\regperf.exe Deleted

C:\WINDOWS\system32\simpole.tlb Deleted

C:\WINDOWS\system32\stdole3.tlb Deleted

C:\WINDOWS\system32\ts.ico Deleted

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

 

Logfile of HijackThis v1.99.1

Scan saved at 15:26:13, on 07/07/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\ewido anti-spyware 4.0\guard.exe

c:\program files\mcafee.com\agent\mcdetect.exe

c:\PROGRA~1\mcafee.com\vso\mcshield.exe

c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\McAfee.com\VSO\mcvsshld.exe

c:\program files\mcafee.com\agent\mcagent.exe

C:\PROGRA~1\mcafee.com\vso\mcvsescn.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

C:\Program Files\McAfee.com\VSO\oasclnt.exe

C:\PROGRA~1\Yahoo!\browser\ycommon.exe

C:\Program Files\ewido anti-spyware 4.0\ewido.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

c:\progra~1\mcafee.com\vso\mcvsftsn.exe

C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\tahseen\Desktop\HijackThis.exe

 

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

F2 - REG:system.ini: Shell=explorer.exe "

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\Home Cinema\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe

O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe

O4 - HKCU\..\Run: [internet Connection Wizard] stisvsq.exe

O4 - HKCU\..\Run: [Games Acceleration] svshost.exe

O4 - HKCU\..\Run: [internet Mail and News] msqdevl.exe

O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe

O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet

O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = D:\installed softwares\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\INSTAL~1\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.toysrus.co.uk/

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {FF3F0F03-0F01-131A-A3F9-08F02B23E0CC} - http://207.226.177.98/dba2218.exe

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe

O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

 

---------------------------------------------------------

ewido anti-spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 14:06:18 07/07/2006

 

+ Scan result:

 

 

 

C:\Documents and Settings\tahseen\Local Settings\Temporary Internet Files\Content.IE5\A54BAHE5\dba2218[1].exe -> Dialer.GBDialer.g : Cleaned with backup (quarantined).

C:\Documents and Settings\tahseen\Local Settings\Temp\start.exe -> Downloader.Small.ctd : Cleaned with backup (quarantined).

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> TrackingCookie.2o7 : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp -> TrackingCookie.Adtech : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> TrackingCookie.Advertising : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> TrackingCookie.Adviva : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq48.tmp -> TrackingCookie.Atdmt : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> TrackingCookie.Bfast : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> TrackingCookie.Casalemedia : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> TrackingCookie.Coremetrics : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp -> TrackingCookie.Doubleclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> TrackingCookie.Falkag : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> TrackingCookie.Fastclick : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> TrackingCookie.Hitbox : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4F.tmp -> TrackingCookie.Hitslink : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> TrackingCookie.Mediaplex : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Onestat : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq51.tmp -> TrackingCookie.Paycounter : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> TrackingCookie.Serving-sys : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D.tmp -> TrackingCookie.Sexlist : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq52.tmp -> TrackingCookie.Sexlist : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq20.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq21.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq23.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq24.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq54.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq56.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq57.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5A.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp -> TrackingCookie.Sextracker : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Spylog : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> TrackingCookie.Statcounter : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> TrackingCookie.Tacoda : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq44.tmp -> TrackingCookie.Tacoda : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5F.tmp -> TrackingCookie.Tribalfusion : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp -> TrackingCookie.Webtrendslive : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Xxxcounter : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp -> TrackingCookie.Yieldmanager : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq47.tmp -> TrackingCookie.Yieldmanager : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> TrackingCookie.Zedo : Cleaned.

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq45.tmp -> TrackingCookie.Zedo : Cleaned.

C:\Program Files\Media-Codec -> Trojan.Small : Cleaned with backup (quarantined).

C:\Program Files\Media-Codec\uninst.exe -> Trojan.Small : Cleaned with backup (quarantined).

C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).

 

 

::Report end

 

Thanks


Please scroll up and read! You are posting in someone else's topic and your logs will NOT be reviewed in this topic. You need to start your OWN NEW TOPIC. Also, as this is the Lavasoft Support Forums, you need to also post your Adaware scan log.


Since this issue has been resolved for the original poster, I'll move this topic to the Resolved section.

 

For anyone reading this having similar issues, please feel free to start a new topic of your own. And please read this first:

Before Posting a HijackThis Log

http://www.lavasoftsupport.com/index.php?showtopic=660

This topic is now closed to further replies.