Can someone please check my HJT Log?


fakeeoghan

Well here it is:

Logfile of HijackThis v1.99.1
Scan saved at 19:00:27, on 06/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\WINNT\system32\CTsvcCDA.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\NTME\METHWNT.exe
C:\WINNT\System32\NTME\brad32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\System32\QCONSVC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\LTSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
C:\Program Files\AVPersonal\AVSched32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Libgrb\Xwsi.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\ConnectionStatus\Microsoft\services.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\AVPersonal\AVGNT.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O1 - Hosts: 66.250.57.9 pagead2.googlesyndication.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.exe
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.exe -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.exe /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit.exe" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [paywxengtj] C:\WINNT\system32\hzemdl.exe
O4 - HKLM\..\Run: [fweradggs] C:\WINNT\system32\fweradggs.exe
O4 - HKLM\..\Run: [ntTJm] C:\WINNT\mwuxpcd.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [wrstip] C:\WINNT\wrstip.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ntTJmÃÆÃâÃâú*ÃÆÃâÃâáaÃÆÃâÃâîÃÆââ¬Â¦ÃâþrgÃÆÃâÃâÃ

Ok, forget what I said. Plan B now.

Have you been clicking links in emails? It looks like you have. In other words I am concerned that you might have the sober.p virus and a few other trojans...

Please run full scans with Ad-Aware SE and Spybot-S&D as follows:

(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan

Please download Ad-Aware SE from here:
http://www.majorgeeks.com/download506.html

Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.

Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:

1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the "Scanning" button on the left-hand side and make sure the following options are selected:

1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file

Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:

1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on "Cleaning Engine" and make sure the following options are selected:

1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on "Safety Settings" and make sure the following options are selected:

1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.

Spybot Full Scan

Next, please download Spybot-S&D from here:
http://www.majorgeeks.com/download.php?det=2471

Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.

Then try this online virus scan:

Trend-Micro

Choose "fix" or "clean".

Let it remove any infections found.

Reboot and "copy/paste" a new Hijack This! log file into this thread.

Wow, thanks for all that help. I do have Adaware and Spybot but I also share a computer with my sister :? .

I'm running adaware now although I couldn't find this part anywhere:

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

I also have an antivirus called AntiVir. When I try to open this I get a message saying something like "No viruses, trojans or spyware were found!".

This also happened when I tried to run HJT. Has me kinda worried...

Yeh, not surprised at all.

I can see at least a trojan
1 sober.p variant (might be the "o")
a new virus that has just come out a few days ago. (doesn't have a name yet)

I decided not to continue analyzing it until you have run the scans because it is so bad.

Quote:
Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Ok, don't worry about that.

Can you also run these online scans on top of that one?

Please run the Housecall online virus scan located at:
http://housecall.trendmicro.com/houseca ... t_corp.asp

Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system.

When the scan is finished, please restart your computer.

Then please run the Panda scan here:
http://www.pandasoftware.com/products/a ... ncipal.htm

Choose to "Disinfect automatically," and follow the prompts. Delete any viruses found, and restart your computer.

Finally, please run the WindowSecurity trojan scan here:
http://www.windowsecurity.com/trojanscan/

Remove any trojans found, and restart your computer.

These should get rid of most of the bad entries.

If you cannot run HJT v1.99.1 you might want to try these (again it's taken from my canned speech so it might sound wrong):-

Here are a couple of steps to try and run HijackThis. Follow them in order. If one step doesn't work, continue to the next step:

Step # 1

Rename HijackThis.exe to H.exe. Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 2

Go to this link and download the 1.98.2 version of HijackThis.exe:

hijackthis1.98.2

Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 3

Click here and download Itty Bitty Process Manager (IBProcMan.zip): ibprocman.

Unzip it to its own directory and try running it - it will provide a 'taskmanager' like process viewer in which you can stop running processes.

Don't stop any yet, just list all that it has so we can check them and give advice. Post the list back here.

Btw, is your desktop looking normal (you know, like has it got anything odd)?

Thanks a lot coltm4carbine, your canned speech was just fine although the panda link did not work. I'm running the windowsecurity trojan scan atm and have already run adaware, spybot and the trend micro one. After running all of these (except the Trojan scan one) windows task manager would still not open. The trend micro one found some things that it "could not access". Maybe that's the problem?

Anyway I'll finish up the scan that's running right now then post a new HJT log and we will see.

Thanks again. This advice has been very useful and I do appreciate you taking your time to put it together.

After doing this scan; http://www.windowsecurity.com/trojanscan/ I am left with a list of files on my computer. Are these files after being deleted or is this scan just telling me what is wrong with my computer? There is a red link under the list of files saying "To clean your computer and stay protected, click here to download a-squared Personal now!"

Do I have to click this for it to delete the viruses it found and if so, is it free??

I think the trojan is gone. Task manager is opening fine as well as my antivirus and HJT. Here is the new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 02:56:16, on 07/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\CTsvcCDA.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNT\System32\NTME\METHWNT.exe
C:\WINNT\System32\NTME\brad32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\System32\QCONSVC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\LTSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\Program Files\AVPersonal\AVSched32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O1 - Hosts: 66.250.57.9 pagead2.googlesyndication.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.exe
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.exe -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.exe /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit.exe" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.exe
O4 - HKLM\..\Run: [paywxengtj] C:\WINNT\system32\hzemdl.exe
O4 - HKLM\..\Run: [fweradggs] C:\WINNT\system32\fweradggs.exe
O4 - HKLM\..\Run: [ntTJm] C:\WINNT\mwuxpcd.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [wrstip] C:\WINNT\wrstip.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ntTJmÃÆÃâÃâú*ÃÆÃâÃâáaÃÆÃâÃâîÃÆââ¬Â¦ÃâþrgÃÆÃâÃâÃ

Uninstall 'SpywareCleaner' as it is a dubious program which is probably the cause of the crap on your pc and not the fix

Ctrl+alt+del the following processes

C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Media Access\MediaAccK.exe

Fix the following

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O1 - Hosts: 66.250.57.9 pagead2.googlesyndication.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [paywxengtj] C:\WINNT\system32\hzemdl.exe
O4 - HKLM\..\Run: [fweradggs] C:\WINNT\system32\fweradggs.exe
O4 - HKLM\..\Run: [ntTJm] C:\WINNT\mwuxpcd.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [wrstip] C:\WINNT\wrstip.exe
O4 - HKLM\..\Run: [ntTJmÃÆÃâÃâú*ÃÆÃâÃâáaÃÆÃâÃâîÃÆââ¬Â¦ÃâþrgÃÆÃâÃâÃ
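
An added example, not part of any post in this thread: a small Python script that compares two HijackThis logs taken before and after a cleanup pass and reports which entries disappeared and which entries in the newer log still look suspect. The function names (`parse_entries`, `flag`, `compare`) and the three flagging heuristics are assumptions made for this illustration, not the helpers' method; the sample lines are excerpts of entries posted in the thread.

```python
import ipaddress
import re

# Excerpts of entry lines from the thread's HijackThis logs, trimmed to a few
# lines each (process lists and most entries omitted).
BEFORE = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
"""

# An entry line is "<section code> - <body>", e.g. "O1 - Hosts: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")

ORPHANED = "registered component has no file on disk"
HOSTS_REDIRECT = "hosts file maps a hostname to a non-local address"
IP_URL = "browser setting points at a literal-IP URL"


def parse_entries(log_text):
    """Return (code, body) tuples for entry lines; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def flag(code, body):
    """Return the reasons (possibly none) an entry deserves a closer look.

    Illustrative heuristics only; an empty list does not mean the entry is benign.
    """
    reasons = []
    if body.endswith("(file missing)") or body.endswith("(no file)"):
        reasons.append(ORPHANED)
    if code == "O1":
        match = HOSTS_RE.match(body)
        if match:
            try:
                addr = ipaddress.ip_address(match.group(1))
            except ValueError:
                addr = None  # malformed address column: leave for manual review
            # 127.0.0.1 / 0.0.0.0 entries are the usual blocklist style, not a redirect
            if addr is not None and not (addr.is_loopback or addr.is_unspecified):
                reasons.append(HOSTS_REDIRECT)
    if code in ("R0", "R1") and IP_URL_RE.search(body):
        reasons.append(IP_URL)
    return reasons


def compare(before_text, after_text):
    """Diff two logs: entries removed, entries added, and flagged entries still present."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_set, after_set = set(before), set(after)
    still_flagged = []
    for entry in after:
        reasons = flag(*entry)
        if reasons:
            still_flagged.append((entry, reasons))
    return {
        "removed": [e for e in before if e not in after_set],
        "added": [e for e in after if e not in before_set],
        "still_flagged": still_flagged,
    }


if __name__ == "__main__":
    result = compare(BEFORE, AFTER)
    for code, body in result["removed"]:
        print("removed:      ", code, "-", body)
    for code, body in result["added"]:
        print("new:          ", code, "-", body)
    for (code, body), reasons in result["still_flagged"]:
        print("still present:", code, "-", body, "|", "; ".join(reasons))
```

The three checks are deliberately narrow: the SE-Toolbar entry listed for fixing in the reply above matches none of them, so the output supplements a manual read of the log rather than replacing it.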


I deleted those things. I am still getting a message whenever I try to open my antivirus or HJT that says:

AntiVirus (that's the title)
No Viruses, Trojans or Spyware found!
Status: OK

I have to leave that message open and then try to open HJT or my antivirus again. If I click ok or x the message it will just keep coming up when I click on HJT or my antivirus.

Here's my HJT Log once again:

Logfile of HijackThis v1.99.1
Scan saved at 12:24:18, on 07/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\AVPersonal\AVWUPSRV.exe
C:\WINNT\system32\CTsvcCDA.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINNT\System32\NTME\METHWNT.exe
C:\WINNT\System32\NTME\brad32.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\System32\QCONSVC.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ScsiAccess.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\LTSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINNT\system32\PRPCUI.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
C:\Program Files\AVPersonal\AVSched32.exe
C:\WINNT\regit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\AGRSMMSG.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINNT\ConnectionStatus\Microsoft\services.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\a-squared\a2guard.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.exe
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP.exe
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.exe -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.exe /min

 

 

 

O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT

 

 

 

O4 - HKLM\..\Run: [sountskmanager] sountaskmgr

 

 

 

O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot

 

 

 

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [ssAAD[Caution: ExecutableFile]] C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [ WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"

 

 

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime

 

 

 

O4 - HKLM\..\Run: [ WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]

 

 

 

O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr

 

 

 

O4 - HKCU\..\Run: [internat[Caution: ExecutableFile]] internat[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile] /R

 

 

 

O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q

 

 

 

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background

 

 

 

O4 - HKCU\..\Run: [_WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [_WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]

 

 

 

O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]"

 

 

 

O4 - Global Startup: Download Demon.lnk = C:\Program Files\Netzip Download Demon\Netzip Download Demon[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]

 

 

 

O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare[Caution: ExecutableFile]

 

 

 

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000

 

 

 

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

 

 

 

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

 

 

 

O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll

 

 

 

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

 

 

 

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b27571.cab

 

 

 

O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab

 

 

 

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b27571.cab

 

 

 

O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o ... winrep.cab

 

 

 

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

 

 

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4126470871

 

 

 

O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/softwar ... launch.cab

 

 

 

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab

 

 

 

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b27571.cab

 

 

 

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

 

 

 

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

 

 

 

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab

 

 

 

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/defaul ... der_v6.cab

 

 

 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com

 

 

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{339C5575-6924-44D2-A335-9B73A7F4FDC4}: NameServer = 195.3.96.67 195.3.96.68

 

 

 

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com

 

 

 

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com

 

 

 

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

 

 

 

O18 - Filter: text/html - {5C13EB45-8423-4758-A45C-4FF84011705D} - C:\Documents and Settings\Admin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat

 

 

 

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD[Caution: ExecutableFile]

 

 

 

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]

 

 

 

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]

 

 

 

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin[Caution: ExecutableFile]

 

 

 

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]

 

 

 

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm[Caution: ExecutableFile] (file missing)

 

 

 

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV[Caution: ExecutableFile]

 

 

 

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing)

 

 

 

O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo[Caution: ExecutableFile] (file missing)

 

 

 

O23 - Service: Network Associates Management Agent - Network Associates - C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]

 

 

 

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR[Caution: ExecutableFile]

 

 

 

O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]

 

 

 

O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]

 

 

 

O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]

 

 

 

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV[Caution: ExecutableFile]

 

 

 

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]

 

 

 

O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc[Caution: ExecutableFile] (file missing)


I guess I should let him take over the log then cos I don't want what happened last time to be repeated.

OK, using another canned speech for ewido security suite. Might not be helpful but it should hopefully pick up any trojans that the other scanners have missed.

Welcome,

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

First:

Please download ewido security suite; it is a trial version of the program.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button
  • The program will now go to the main screen

You will need to update ewido to the latest definition files.

  • On the left hand side of the main screen click update
  • Click on Start

The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:

  • Click on scanner
  • Make sure the following boxes are checked before scanning:
      • Binder
      • Crypter
      • Archives
  • Click on Start Scan
  • Let the program scan the machine

While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

  • Click Save report
  • Save the report to your desktop

Reboot your machine and post back a new HJT Log and the Ewido Scan .txt Log file you saved by using Add Reply


I did the ewido scan and deleted everything it found. The log is below. I then ran HJT and that log is in the following post.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 16:48:06, 08/11/2005
+ Report-Checksum: D1829270

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\CLSID\{43E2DBE5-8C8A-4519-9684-8CD7F39A5147} -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\CLSID\{43E2DBE5-8C8A-4519-9684-8CD7F39A5147}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\CLSID\{DA3609D1-3E96-4726-A17F-30F46AE89726} -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\CLSID\{DA3609D1-3E96-4726-A17F-30F46AE89726}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj -> Spyware.BetterInternet : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CLSID\\ -> Spyware.VX2 : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj.1 -> Spyware.BetterInternet : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj.1\CLSID\\ -> Spyware.VX2 : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\GSDA.GSDACtl\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\GSDA.GSDACtl.1\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\IExplorr23.clsDW\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\IExplorr23.clsIS\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\IExplorr24.clsDW -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\IExplorr24.clsDW\Clsid -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\IExplorr24.clsDW\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\IExplorr24.clsIS\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{338F1D89-A419-4C40-96E3-C29C978A7DF6} -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{338F1D89-A419-4C40-96E3-C29C978A7DF6}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{C08175C6-B2B2-47FC-AF1A-32F77A6CB673} -> Spyware.VX2 : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{C08175C6-B2B2-47FC-AF1A-32F77A6CB673}\TypeLib\\ -> Spyware.VX2 : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{CBD7E8BE-0E1E-441D-B133-E26F5636CCCF} -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{CBD7E8BE-0E1E-441D-B133-E26F5636CCCF}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{E41774F1-63E7-44ED-A03A-FF8422F9AFF0} -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{E41774F1-63E7-44ED-A03A-FF8422F9AFF0}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{FC385F81-0109-4FA8-AAD0-53B4A9A5DD2B} -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\Interface\{FC385F81-0109-4FA8-AAD0-53B4A9A5DD2B}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\TypeLib\{1620D17D-F2B5-43BE-8ED4-6B22E321D2A3} -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\TypeLib\{22CBCB4C-E9DF-4D25-86BC-FFDA4DF8FC06} -> Spyware.InetSpeak : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\TypeLib\{230C3786-1C2C-45BD-9D2D-9D277FCE6289} -> Spyware.VX2 : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\WinAdToolsX.Installer -> Spyware.BlazeFind : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\WinAdToolsX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\WinAdToolsX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\WinCommX.Installer -> Spyware.BlazeFind : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/BM2.dll\\.Owner -> Spyware.VX2 : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/BM2.dll\\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\.Owner -> Spyware.Gator : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1018.dll\\.Owner -> Spyware.Gator : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1018.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1019.dll\\.Owner -> Spyware.Gator : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1019.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/Install.dll\\.Owner -> Spyware.CnsMin : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/Install.dll\\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ISTactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ISTactivex.dll\\{12398DD6-40AA-4C40-A4EC-A42CFC0DE797} -> Spyware.ISTBar : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdCtlX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdCtlX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdToolsX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdToolsX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinCommX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinCommX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/YSBactivex.dll\\.Owner -> Spyware.YourSiteBar : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/YSBactivex.dll\\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup

 

 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup

 

 

 

HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup

 

 

 

HKLM\SOFTWARE\WildMedia\LicenseStores -> Spyware.MidAddle : Cleaned with backup

 

 

 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup

 

 

 

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup

 

 

 

HKU\S-1-5-21-527237240-764733703-1343024091-1000\Software\DLMax -> Spyware.BetterInternet : Cleaned with backup

 

 

 

HKU\S-1-5-21-527237240-764733703-1343024091-1000\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup

 

 

 

HKU\S-1-5-21-527237240-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup

 

 

 

C:\WINNT\system\UpdInstall[Caution: ExecutableFile] -> Spyware.VX2 : Cleaned with backup

 

 

 

C:\WINNT\Explor[Caution: ExecutableFile] -> Heuristic.Win32.Dialer : Cleaned with backup

 

 

 

C:\WINNT\CPU_[Caution: ExecutableFile] -> Dialer.Generic : Cleaned with backup

 

 

 

C:\WINNT\iLookup -> Adware.eZula : Cleaned with backup

 

 

 

C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Hyperbanner : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\BDAOUUFH\screen_photo[1].RB0/Screen_Photo.jpeg-graphic1[Caution: ExecutableFile] -> TrojanDropper.VB.iv : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\5WOJDXCT\screen_photo[1].RB0/Screen_Photo.jpeg-graphic1[Caution: ExecutableFile] -> TrojanDropper.VB.iv : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\6LRO9S7E\screen_photo[1].RB0/Screen_Photo.jpeg-graphic1[Caution: ExecutableFile] -> TrojanDropper.VB.iv : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\SV1FAQB1\mm[1].js -> Spyware.Chitika : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Cookies\admin@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Cookies\admin@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Cookies\[email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Cookies\admin@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Cookies\admin@oewabox[1].txt -> Spyware.Cookie.Oewabox : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Cookies\admin@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup

 

 

 

:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

 

 

 

:mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

 

 

 

:mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup

 

 

 

:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup

 

 

 

:mozilla.14:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup

 

 

 

:mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup

 

 

 

:mozilla.25:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

 

 

 

:mozilla.26:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

 

 

 

:mozilla.27:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

 

 

 

:mozilla.28:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

 

 

 

:mozilla.29:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

 

 

 

:mozilla.30:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

 

 

 

:mozilla.31:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup

 

 

 

:mozilla.37:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup

 

 

 

:mozilla.44:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup

 

 

 

:mozilla.45:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup

 

 

 

:mozilla.46:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup

 

 

 

:mozilla.59:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

 

 

:mozilla.60:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

 

 

:mozilla.61:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

 

 

:mozilla.62:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

 

 

:mozilla.63:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

 

 

:mozilla.64:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

 

 

:mozilla.65:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

 

 

:mozilla.66:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

 

 

 

:mozilla.67:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.68:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.69:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.70:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.71:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.72:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.73:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.74:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.75:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.76:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup

:mozilla.77:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.78:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

:mozilla.79:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup

:mozilla.80:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.81:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.82:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.83:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.84:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.85:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.86:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.87:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.88:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.89:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.90:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.91:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.92:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.93:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.94:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.95:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.96:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.97:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.98:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.99:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.100:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.101:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.102:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.103:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.104:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.105:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.106:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.107:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.108:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.109:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.110:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.111:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.112:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.113:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.114:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.115:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.116:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.117:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.118:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.119:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.120:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.121:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.122:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.123:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.124:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.125:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.126:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.127:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup

:mozilla.142:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Oewabox : Cleaned with backup

:mozilla.154:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup

:mozilla.169:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Etracker : Cleaned with backup

:mozilla.170:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

:mozilla.171:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

:mozilla.172:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

:mozilla.173:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

:mozilla.174:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup

:mozilla.175:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup

:mozilla.176:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

:mozilla.177:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup

:mozilla.179:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.180:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.181:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup

:mozilla.183:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup

:mozilla.185:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup

:mozilla.186:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup

:mozilla.187:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.188:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.189:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.190:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.191:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.192:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.193:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.194:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.195:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.196:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup

:mozilla.214:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup

:mozilla.215:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.216:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup

:mozilla.217:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.218:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup

:mozilla.219:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup

:mozilla.220:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.221:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.222:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.224:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.225:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.226:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.243:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup

:mozilla.255:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.256:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.257:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.258:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.259:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.260:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.268:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup

:mozilla.269:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup

:mozilla.270:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup

:mozilla.303:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup

:mozilla.312:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.320:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.324:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup

:mozilla.327:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup

:mozilla.342:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup

:mozilla.348:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup

:mozilla.349:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup

:mozilla.350:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup

:mozilla.354:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup

:mozilla.356:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup

:mozilla.376:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup

:mozilla.378:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup

:mozilla.379:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup

:mozilla.380:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup

:mozilla.381:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup

:mozilla.382:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup

:mozilla.436:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup

:mozilla.444:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup

:mozilla.462:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.463:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.470:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.472:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.486:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.487:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.488:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.489:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup

:mozilla.496:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.497:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.510:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup

:mozilla.511:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup

:mozilla.512:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup

:mozilla.513:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup

:mozilla.514:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup

:mozilla.515:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup

:mozilla.516:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup

:mozilla.518:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup

:mozilla.547:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup

:mozilla.571:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.572:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.573:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.574:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.575:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.576:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup

:mozilla.605:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Popularix : Cleaned with backup

:mozilla.607:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.654:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

:mozilla.655:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

:mozilla.656:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

:mozilla.657:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup

:mozilla.659:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup

:mozilla.667:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup

:mozilla.668:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup

:mozilla.709:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup

:mozilla.716:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup

:mozilla.717:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup

:mozilla.718:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup

:mozilla.719:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup

:mozilla.756:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup

:mozilla.760:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.763:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.780:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.781:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.811:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup

:mozilla.813:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup

:mozilla.814:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup

:mozilla.815:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup

:mozilla.816:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Sexcounter : Cleaned with backup

:mozilla.824:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.825:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.826:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.827:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.861:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup

 

 

 

:mozilla.866:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup

 

 

 

:mozilla.886:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

 

 

 

:mozilla.889:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\SWAT 4 + patch1.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Splinter Cell - Chaos Theory.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\10 Secrets To Great Sex - Secret 3.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Age of Mythology The Titans.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Symantec Norton Ghost 10.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Paris Dakar Rally.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\BlackICE PC Protection 3.6com.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\SWAT 4.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Transporter 2.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Trend Micro Pattern File 2.773.00.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Camtasia Studio 3.01.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\DEKSI Network Inventory 4.4.2.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Splinter Cell Pandora Tommorow.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Adobe Premier Pro 7.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Doom (2005) The.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\MP3 Audio Sound Recorder 1.32.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Avast Antivirus Pro 4.6.691.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\PC-Cillin Internet Security 2006.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Symantec Norton Mega Pack.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Auto MP3 Player 1.26.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\BeFaster 3.55.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\McAfee Virus Definitions 4555.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\3d Studio Max 8.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Elizabethtown.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Delta Force Xtreme + patch 1.6.5.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\The Myth (2005).RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Powerdvd Copy 1.0.0.701.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Aurora Video VCDDVD Converter&Crea.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Aurora Media Workshop 2.4.16.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Power Video Converter 1.4.11.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Plato DVD Ripper 1.30.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Archivarius 3000 3.23.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Easy DVD Clone 3.0.4.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Absolute Video Converter 2.5.6.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Game XP 1.5.8.10.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\NewsReactor 1.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\Easy GIF Animator 3.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\ImTOO DVD Audio Ripper 2.0.55.801.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\ImTOO 3GP Video Converter 2.1.50.810b.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Documents and Settings\Admin\Complete\ImTOO AVI MPEG Converter 2.1.50.810b.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup

 

 

 

C:\Program Files\Media Access\MediaAccess[Caution: ExecutableFile] -> Adware.MediaAccess : Cleaned with backup

 

 

 

C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup

 

 

 

C:\Program Files\AVPersonal\INFECTED\MSBB[Caution: ExecutableFile].VIR -> Spyware.180Solutions : Cleaned with backup

 

 

 

C:\Program Files\AVPersonal\INFECTED\ANI[1].ANR.VIR -> TrojanDownloader.Ani.c : Cleaned with backup

 

 

 

C:\Program Files\AVPersonal\INFECTED\M11[1].JPG.VIR/y.bat -> Trojan.Zapchast : Cleaned with backup

 

 

 

C:\Program Files\winupdates\a.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup

 

 

 

 

 

 

 

 

 

 

 

::Report End


And here's the HJT log for after the ewido scan:

Logfile of HijackThis v1.99.1
Scan saved at 16:49:23, on 08/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss[Caution: ExecutableFile]
C:\WINNT\system32\winlogon[Caution: ExecutableFile]
C:\WINNT\system32\services[Caution: ExecutableFile]
C:\WINNT\system32\lsass[Caution: ExecutableFile]
C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\spoolsv[Caution: ExecutableFile]
C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]
C:\WINNT\Explorer[Caution: ExecutableFile]
C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]
C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile]
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]
C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]
C:\WINNT\system32\MSTask[Caution: ExecutableFile]
C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]
C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile]
C:\WINNT\System32\mspmspsv[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\tp4serv[Caution: ExecutableFile]
C:\WINNT\system32\atiptaxx[Caution: ExecutableFile]
C:\WINNT\LTSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
C:\WINNT\system32\PRPCUI[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\WINNT\AGRSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
C:\WINNT\system32\internat[Caution: ExecutableFile]
C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile]
C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]
C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR[Caution: ExecutableFile]
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex[Caution: ExecutableFile]
C:\WINNT\system32\NOTEPAD[Caution: ExecutableFile]
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit[Caution: ExecutableFile]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [synchronization Manager] mobsync[Caution: ExecutableFile] /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX[Caution: ExecutableFile] -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ssAAD[Caution: ExecutableFile]] C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [ WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr
O4 - HKCU\..\Run: [internat[Caution: ExecutableFile]] internat[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile] /R
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [_WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]
O4 - HKCU\..\Run: [_WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]"
O4 - Global Startup: Download Demon.lnk = C:\Program Files\Netzip Download Demon\Netzip Download Demon[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare[Caution: ExecutableFile]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b27571.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b27571.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o ... winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4126470871
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b27571.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/defaul ... der_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{339C5575-6924-44D2-A335-9B73A7F4FDC4}: NameServer = 195.3.96.67 195.3.96.68
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/html - {5C13EB45-8423-4758-A45C-4FF84011705D} - C:\Documents and Settings\Admin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD[Caution: ExecutableFile]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin[Caution: ExecutableFile]
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm[Caution: ExecutableFile] (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV[Caution: ExecutableFile]
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing)
O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo[Caution: ExecutableFile] (file missing)
O23 - Service: Network Associates Management Agent - Network Associates - C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR[Caution: ExecutableFile]
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]
O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV[Caution: ExecutableFile]
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]
O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc[Caution: ExecutableFile] (file missing)


Your computer is a lot worse than I thought it would be... how long has this error message about your AV been popping up?

If you disable "sountaskmgr or sountaskmgr[Caution: ExecutableFile]" does the error message still pop up?

Surprisingly the unidentified trojan/worm is still here... and I am sure it is bad but I won't fix it in case I am wrong.

OK, another canned speech, this time for submitting a file; see if it comes back negative.

I am a bit surprised that they still haven't found out the trojan/worm from the online scans.

If you know it, tell me what it is and if not, please can you also submit the following file to one of these online file scanners.

Be sure you're able to view hidden files, and find the following files/folders in bold (if found) and send it to the online scanner listed below:

sountaskmgr (most likely to be somewhere in the C:\WINDOWS\System32 folder but I won't count on it.)

Jotti File Scan
VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.

After that you will need to rehide the files.

See if it comes back with anything.

Forget that link, it's not going to help if you use Symantec. McAfee only.


Oops, I think I clicked on a bad link while looking at your first log. nvm.

yeh soz I meant C:\WINNT\System32.

OK, fix that 04 line too. It should come out bad anyway. I did want you to send it to webimmune to get it analyzed by hand but nvm - that's for McAfee users only (link I got anyway).

omfg I don't believe this... I forgot to press submit. Anyway here's the reply like half an hour ago.


Mmm, I think I'll leave the "expert" to carry on with this help thread then...


Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12


OK, can you post a new HijackThis log?

If you disable sountaskmgr from the task manager (ctrl+alt+delete) does the

"AntiVirus (that's the title)
No Viruses, Trojans or Spyware found!
Status: OK"

still appear?

:( I was gonna let Mercifull take over once I have sorted out the main infections - I will be on holiday soon and I won't have a PC.

Besides, Mercifull will know a lot more than me.


The message still appears and I cannot find that soundtaskmgr in the task manager's list of processes. Here's the new HJT Log.

Logfile of HijackThis v1.99.1
Scan saved at 17:43:46, on 10/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss[Caution: ExecutableFile]
C:\WINNT\system32\winlogon[Caution: ExecutableFile]
C:\WINNT\system32\services[Caution: ExecutableFile]
C:\WINNT\system32\lsass[Caution: ExecutableFile]
C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\spoolsv[Caution: ExecutableFile]
C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]
C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]
C:\WINNT\Explorer[Caution: ExecutableFile]
C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]
C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile]
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]
C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]
C:\WINNT\system32\MSTask[Caution: ExecutableFile]
C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]
C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile]
C:\WINNT\System32\mspmspsv[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\tp4serv[Caution: ExecutableFile]
C:\WINNT\system32\atiptaxx[Caution: ExecutableFile]
C:\WINNT\LTSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
C:\WINNT\system32\PRPCUI[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\WINNT\AGRSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
C:\WINNT\system32\internat[Caution: ExecutableFile]
C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile]
C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\2003\AUSTIN\Eoghan\runescape stuff\runescape[Caution: ExecutableFile]
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit[Caution: ExecutableFile]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [synchronization Manager] mobsync[Caution: ExecutableFile] /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX[Caution: ExecutableFile] -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ssAAD[Caution: ExecutableFile]] C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [ WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr
O4 - HKCU\..\Run: [internat[Caution: ExecutableFile]] internat[Caution: ExecutableFile]
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile] /R
O4 - HKCU\..\Run: [spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background
O4 - HKCU\..\Run: [_WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]
O4 - HKCU\..\Run: [_WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]"
O4 - Global Startup: Download Demon.lnk = C:\Program Files\Netzip Download Demon\Netzip Download Demon[Caution: ExecutableFile]
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare[Caution: ExecutableFile]
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b27571.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b27571.cab

 

 

 

O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.one.microsoft.com/o ... winrep.cab

 

 

 

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

 

 

 

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 4126470871

 

 

 

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005 ... scan53.cab

 

 

 

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b27571.cab

 

 

 

O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promot ... WebAAS.cab

 

 

 

O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZI ... b34246.cab

 

 

 

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab

 

 

 

O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.ne ... tector.cab

 

 

 

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/defaul ... der_v6.cab

 

 

 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com

 

 

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{339C5575-6924-44D2-A335-9B73A7F4FDC4}: NameServer = 195.3.96.67 195.3.96.68

 

 

 

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com

 

 

 

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com

 

 

 

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

 

 

 

O18 - Filter: text/html - {5C13EB45-8423-4758-A45C-4FF84011705D} - C:\Documents and Settings\Admin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat

 

 

 

O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD[Caution: ExecutableFile]

 

 

 

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]

 

 

 

O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]

 

 

 

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]

 

 

 

O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin[Caution: ExecutableFile]

 

 

 

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]

 

 

 

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]

 

 

 

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]

 

 

 

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]

 

 

 

O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm[Caution: ExecutableFile] (file missing)

 

 

 

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV[Caution: ExecutableFile]

 

 

 

O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing)

 

 

 

O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo[Caution: ExecutableFile] (file missing)

 

 

 

O23 - Service: Network Associates Management Agent - Network Associates - C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]

 

 

 

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR[Caution: ExecutableFile]

 

 

 

O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]

 

 

 

O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]

 

 

 

O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]

 

 

 

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV[Caution: ExecutableFile]

 

 

 

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]

 

 

 

O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc[Caution: ExecutableFile] (file missing)


The message still appears and I cannot find that soundtaskmgr in the task manager's list of processes.

That's because it is sountaskmgr (<- notice the missing "d")

OK, no worries.

Do you know what ECO-CEE.at.schneider-electric.com is?

Same canned speech as before. I don't know what you have been doing, but to me it's getting worse.

W32/Sober.r@MM mass-mailing worm - don't open attachments in email!!!

W32/Sdbot-ACG worm.

First try and update your computer - lots of vulnerabilities.

After the update(s), can you then do this (I know you have already done this, but I am not convinced your computer is clean from viruses):

Please run an on-line virus scan at Kaspersky OnLine Scan or, if that doesn't work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

+++++

If you are unable to run the ActiveX antivirus scanners, let's try this Java-based solution from Trend Micro.

After those scans (again), download this: Stinger. Run it.

After all that, post back a new log.
