
Can someone please check my HJT Log?


21 replies to this topic

#1
fakeeoghan
    Bear Fur

  • Members
  • 269 posts
  • Location:Somewhere Foreign
  • Joined:8 January 2005
Well here it is:

Logfile of HijackThis v1.99.1
Scan saved at 19:00:27, on 06/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss[Caution: ExecutableFile]
C:\WINNT\system32\winlogon[Caution: ExecutableFile]
C:\WINNT\system32\services[Caution: ExecutableFile]
C:\WINNT\system32\lsass[Caution: ExecutableFile]
C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\spoolsv[Caution: ExecutableFile]
C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]
C:\WINNT\Explorer[Caution: ExecutableFile]
C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]
C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile]
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]
C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]
C:\WINNT\system32\MSTask[Caution: ExecutableFile]
C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]
C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile]
C:\WINNT\System32\mspmspsv[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\tp4serv[Caution: ExecutableFile]
C:\WINNT\system32\atiptaxx[Caution: ExecutableFile]
C:\WINNT\LTSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
C:\WINNT\system32\PRPCUI[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\WINNT\AGRSMMSG[Caution: ExecutableFile]
C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_04\bin\jusched[Caution: ExecutableFile]
C:\Program Files\Media Access\MediaAccess[Caution: ExecutableFile]
C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
C:\Program Files\Libgrb\Xwsi[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
C:\Program Files\winupdates\winupdates[Caution: ExecutableFile]
C:\WINNT\system32\internat[Caution: ExecutableFile]
C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile]
C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR[Caution: ExecutableFile]
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVGNT[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\Program Files\WinRAR\WinRAR[Caution: ExecutableFile]
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis[Caution: ExecutableFile]

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit[Caution: ExecutableFile]
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O1 - Hosts: 66.250.57.9 pagead2.googlesyndication.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Synchronization Manager] mobsync[Caution: ExecutableFile] /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX[Caution: ExecutableFile] -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile]
O4 - HKLM\..\Run: [paywxengtj] C:\WINNT\system32\hzemdl[Caution: ExecutableFile]
O4 - HKLM\..\Run: [fweradggs] C:\WINNT\system32\fweradggs[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ntTJm] C:\WINNT\mwuxpcd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]
O4 - HKLM\..\Run: [wrstip] C:\WINNT\wrstip[Caution: ExecutableFile]
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ntTJmú*áaîžrgÃÂÂ

#2
coltm4carbine
    Bear Fur

  • Members
  • 258 posts
  • Location:England
  • Joined:12 October 2005
OK, forget what I said. Plan B now.

Have you been clicking links in emails? It looks like you have. In other words, I am concerned that you might have the sober.p virus and a few other trojans...

Please run full scans with Ad-Aware SE and Spybot-S&D as follows:

(If you already have Ad-Aware SE 1.06 and Spybot 1.4 installed, you can skip the installation steps. If you don't, please uninstall your old versions and install the new ones from the links below.)

Full Ad-Aware Scan

Please download Ad-Aware SE from here:
http://www.majorgeek...ownload506.html

Install Ad-Aware and run it. In the bottom-right hand corner, click "Check for updates now". Click "Connect" to download the newest reference file.

Now we will configure Ad-Aware to perform a full scan. In the Ad-Aware main window, click on the gear icon at the top of the screen to open the preferences window. In the "General" window, make sure the following options are selected:

1) Automatically save log-file
2) Automatically quarantine objects prior to removal
3) Safe Mode (always request confirmation)

Click the "Scanning" button on the left-hand side and make sure the following options are selected:

1) Scan within archives
2) Scan active processes
3) Scan registry
4) Deep scan registry
5) Scan my IE Favorites for banned URLs
6) Scan my Hosts file

Please also click on "Select drives & folders to scan" and select your hard drive(s). Then click the "Advanced" button on the left-hand side and make sure all the options under "Log-file Detail Level" are selected. Next, click the "Tweak" button on the left-hand side. Click on "Scanning Engine" and make sure the following options are selected:

1) Unload recognized processes & modules during scanning
2) Obtain command line of scanned processes
3) Scan registry for all users instead of current user only

Click on "Cleaning Engine" and make sure the following options are selected:

1) Always try to unload modules before deletion
2) During removal, unload Explorer and IE if necessary
3) Let Windows remove files in use at next reboot
4) Delete quarantined objects after restoring

Finally, click on "Safety Settings" and make sure the following options are selected:

1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

Click on "Proceed" to save the preferences. Then please click the "Start" button on the bottom right side to begin a scan. Select "Use custom scanning options" and then click "Next". Ad-Aware will then scan for malware. When it is finished, make sure any objects listed in RED are selected and click "Next" to remove the objects. Then please restart your computer.

Spybot Full Scan

Next, please download Spybot-S&D from here:
http://www.majorgeek...ad.php?det=2471

Install Spybot-S&D and run it. Select "Search for updates" and then select all available updates. Click on the drop-down box in the top center to choose a download location nearest to you. Then click "Download updates". When all updates have downloaded, close Spybot-S&D, and then run it again. Click on "Check for problems". When the scan has finished, select any entries listed in red and click "Fix selected problems". Then please restart your computer again.

Then try this online virus scan:

Trend Micro

Choose "fix" or "clean".

Let it remove any infections found.

Reboot and "copy/paste" a new Hijack This! log file into this thread.

#3
fakeeoghan
Wow, thanks for all that help. I do have Adaware and Spybot but I also share a computer with my sister :? .

I'm running adaware now although I couldn't find this part anywhere:

Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

I also have an antivirus called AntiVir. When I try to open this I get a message saying something like "No viruses, trojans or spyware were found!".

This also happened when I tried to run HJT. Has me kinda worried...

#4
coltm4carbine
Yeah, not surprised at all.

I can see at least a trojan
1 sober.p variant (might be the "o")
a new virus that has just come out a few days ago. (doesn't have a name yet)

I decided not to continue analyzing it until you have run the scans because it is so bad.

Quote:
Finally, click on "Safety Settings" and make sure the following options are selected:
1) Automatically select problematic objects in results lists
2) Write-protect system files after repair (Hosts file, etc)

OK, don't worry about that.

Can you also run these online scans on top of that one?

Please run the Housecall online virus scan located at:
http://housecall.tre... ... t_corp.asp

Follow the prompts to scan your hard drive for viruses. Select the "Autoclean" option so that Housecall will remove any viruses from your system.

When the scan is finished, please restart your computer.

Then please run the Panda scan here:
http://www.pandasoft... ... ncipal.htm

Choose to "Disinfect automatically," and follow the prompts. Delete any viruses found, and restart your computer.

Finally, please run the WindowSecurity trojan scan here:
http://www.windowsec...com/trojanscan/

Remove any trojans found, and restart your computer.

These should get rid of most of the bad entries.

If you cannot run HJT v1.99.1 you might want to try these (again it's taken from my canned speech so it might sound wrong):

Here are a couple of steps to try and run HijackThis. Follow them in order. If one step doesn't work, continue to the next step:

Step # 1

Rename HijackThis[Caution: ExecutableFile] to H[Caution: ExecutableFile]. Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 2

Go to this link and download the 1.98.2 version of HijackThis[Caution: ExecutableFile]:

hijackthis1.98.2

Try a scan. If it works, post the log back here. If not, proceed to the next step.

Step # 3

Click here and download Itty Bitty Process Manager (IBProcMan.zip): ibprocman.

Unzip it to its own directory and try running it - it will provide a 'taskmanager' like process viewer in which you can stop running processes.

Don't stop any yet, just list all that it has so we can check them and give advice. Post the list back here.

BTW, is your desktop looking normal (you know, like has it got anything odd)?

#5
fakeeoghan
I will do all of those scans. My desktop looks ok but I have not been able to open the task manager and the computer has been kind of slow for the last day or two.

#6
fakeeoghan
Thanks a lot coltm4carbine, your canned speech was just fine although the panda link did not work. I'm running the windowsecurity trojan scan atm and have already run adaware, spybot and the trend micro one. After running all of these (except the Trojan scan one) windows task manager would still not open. The trend micro one found some things that it "could not access". Maybe that's the problem?

Anyway I'll finish up the scan that's running right now then post a new HJT log and we will see.

Thanks again. This advice has been very useful and I do appreciate you taking your time to put it together.

#7
fakeeoghan
After doing this scan, http://www.windowsec...com/trojanscan/, I am left with a list of files on my computer. Are these files after being deleted or is this scan just telling me what is wrong with my computer? There is a red link under the list of files saying "To clean your computer and stay protected, click here to download a-squared Personal now!"

Do I have to click this for it to delete the viruses it found and if so, is it free??

#8
fakeeoghan
I think the trojan is gone. Task manager is opening fine as well as my antivirus and HJT. Here is the new HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 02:56:16, on 07/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss[Caution: ExecutableFile]
C:\WINNT\system32\winlogon[Caution: ExecutableFile]
C:\WINNT\system32\services[Caution: ExecutableFile]
C:\WINNT\system32\lsass[Caution: ExecutableFile]
C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\spoolsv[Caution: ExecutableFile]
C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]
C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]
C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile]
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]
C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]
C:\WINNT\system32\MSTask[Caution: ExecutableFile]
C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]
C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile]
C:\WINNT\System32\mspmspsv[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\Explorer[Caution: ExecutableFile]
C:\WINNT\system32\tp4serv[Caution: ExecutableFile]
C:\WINNT\system32\atiptaxx[Caution: ExecutableFile]
C:\WINNT\LTSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
C:\WINNT\system32\PRPCUI[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\WINNT\AGRSMMSG[Caution: ExecutableFile]
C:\Program Files\Media Access\MediaAccess[Caution: ExecutableFile]
C:\Program Files\Java\jre1.5.0_04\bin\jusched[Caution: ExecutableFile]
C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\WINNT\system32\internat[Caution: ExecutableFile]
C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile]
C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]
C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]
C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR[Caution: ExecutableFile]
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile]
C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit[Caution: ExecutableFile]
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O1 - Hosts: 66.250.57.9 pagead2.googlesyndication.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Synchronization Manager] mobsync[Caution: ExecutableFile] /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX[Caution: ExecutableFile] -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile]
O4 - HKLM\..\Run: [paywxengtj] C:\WINNT\system32\hzemdl[Caution: ExecutableFile]
O4 - HKLM\..\Run: [fweradggs] C:\WINNT\system32\fweradggs[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ntTJm] C:\WINNT\mwuxpcd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]
O4 - HKLM\..\Run: [wrstip] C:\WINNT\wrstip[Caution: ExecutableFile]
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ntTJmú*áaîžrgÃÂÂ

#9
Mercifull
    Post Junkie

  • Members
  • 16,130 posts
  • Gender:Male
  • Location:In a house where everything is coated in cat fur
  • Joined:18 June 2004
  • RuneScape Status:P2P
  • RSN:Mercifull
  • Clan:Tip.It
Uninstall 'SpywareCleaner' as it is a dubious program which is probably the cause of the crap on your pc and not the fix.

Ctrl+Alt+Del the following processes:

C:\Program Files\Media Access\MediaAccess[Caution: ExecutableFile]
C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]

Fix the following:

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O1 - Hosts: 66.250.171.167 sitefinder.verisign.com
O1 - Hosts: 66.250.171.167 sitefinder-idn.verisign.com
O1 - Hosts: 66.250.57.9 view.atdmt.com
O1 - Hosts: 66.250.57.9 click.atdmt.com
O1 - Hosts: 66.250.57.9 leader.linkexchange.com
O1 - Hosts: 66.250.57.9 pagead2.googlesyndication.com
O2 - BHO: DLMaxObj Class - {00000000-59D4-4008-9058-080011001200} - C:\WINNT\dlmax.dll (file missing)
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O3 - Toolbar: SE-Toolbar - {691AFBC1-3C46-406D-AD22-EB3A0F665FC1} - C:\WINNT\system32\setoolbar.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Program Files\iMeshBar\bar\1.bin\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [paywxengtj] C:\WINNT\system32\hzemdl[Caution: ExecutableFile]
O4 - HKLM\..\Run: [fweradggs] C:\WINNT\system32\fweradggs[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ntTJm] C:\WINNT\mwuxpcd[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK[Caution: ExecutableFile]
O4 - HKLM\..\Run: [wrstip] C:\WINNT\wrstip[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ntTJmú*áaîžrgÃÂÂ

Mercifull <3 Suzi

"We don't want players to be able to buy their way to success in RuneScape. If we let players start doing this, it devalues RuneScape for others. We feel your status in real-life shouldn't affect your ability to be successful in RuneScape" Jagex 01/04/01 - 02/03/12

#10
fakeeoghan
I deleted those things. I am still getting a message whenever I try to open my antivirus or HJT that says:

AntiVirus (that's the title)
No Viruses, Trojans or Spyware found!
Status: OK

I have to leave that message open and then try to open HJT or my antivirus again. If I click ok or x the message it will just keep coming up when I click on HJT or my antivirus.

Here's my HJT Log once again:

Logfile of HijackThis v1.99.1
Scan saved at 12:24:18, on 07/11/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss[Caution: ExecutableFile]
C:\WINNT\system32\winlogon[Caution: ExecutableFile]
C:\WINNT\system32\services[Caution: ExecutableFile]
C:\WINNT\system32\lsass[Caution: ExecutableFile]
C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\System32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\spoolsv[Caution: ExecutableFile]
C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]
C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]
C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]
C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile]
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]
C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]
C:\WINNT\system32\MSTask[Caution: ExecutableFile]
C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]
C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile]
C:\WINNT\Explorer[Caution: ExecutableFile]
C:\WINNT\System32\mspmspsv[Caution: ExecutableFile]
C:\WINNT\system32\svchost[Caution: ExecutableFile]
C:\WINNT\system32\tp4serv[Caution: ExecutableFile]
C:\WINNT\system32\atiptaxx[Caution: ExecutableFile]
C:\WINNT\LTSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
C:\WINNT\system32\PRPCUI[Caution: ExecutableFile]
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile]
C:\WINNT\regit[Caution: ExecutableFile]
C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]
C:\WINNT\AGRSMMSG[Caution: ExecutableFile]
C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]
C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]
C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
C:\WINNT\system32\internat[Caution: ExecutableFile]
C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile]
C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]
C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]
C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]
C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]
C:\Program Files\Real\RealPlayer\RealPlay[Caution: ExecutableFile]
C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis[Caution: ExecutableFile]

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit[Caution: ExecutableFile]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile]
O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile]
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Synchronization Manager] mobsync[Caution: ExecutableFile] /logon
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile]
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP[Caution: ExecutableFile]
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX[Caution: ExecutableFile] -CHECK
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] /min
O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT
O4 - HKLM\..\Run: [sountskmanager] sountaskmgr
O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile]
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile]
O4 - HKLM\..\Run: [SsAAD[Caution: ExecutableFile]] C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]
O4 - HKLM\..\Run: [ WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime
O4 - HKLM\..\Run: [ WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]
O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr



O4 - HKCU\..\Run: [Internat[Caution: ExecutableFile]] internat[Caution: ExecutableFile]



O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile] /R



O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q



O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background



O4 - HKCU\..\Run: [_WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]



O4 - HKCU\..\Run: [_WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]



O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]"



O4 - Global Startup: Download Demon.lnk = C:\Program Files\Netzip Download Demon\Netzip Download Demon[Caution: ExecutableFile]



O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]



O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare[Caution: ExecutableFile]



O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000



O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll



O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll



O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll



O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll



O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon... ... b27571.cab



O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon... ... b30149.cab



O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon... ... b27571.cab



O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.... ... winrep.cab



O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab



O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros... ... 4126470871



O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamesp... ... launch.cab



O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai... ... scan53.cab



O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon... ... b27571.cab



O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone... ... WebAAS.cab



O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/... ... b34246.cab



O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab



O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app... ... tector.cab



O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/... ... der_v6.cab



O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com



O17 - HKLM\System\CCS\Services\Tcpip\..\{339C5575-6924-44D2-A335-9B73A7F4FDC4}: NameServer = 195.3.96.67 195.3.96.68



O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com



O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com



O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll



O18 - Filter: text/html - {5C13EB45-8423-4758-A45C-4FF84011705D} - C:\Documents and Settings\Admin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat



O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD[Caution: ExecutableFile]



O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]



O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]



O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]



O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin[Caution: ExecutableFile]



O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]



O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]



O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm[Caution: ExecutableFile] (file missing)



O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV[Caution: ExecutableFile]



O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing)



O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo[Caution: ExecutableFile] (file missing)



O23 - Service: Network Associates Management Agent - Network Associates - C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]



O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR[Caution: ExecutableFile]



O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]



O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]



O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]



O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV[Caution: ExecutableFile]



O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]



O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc[Caution: ExecutableFile] (file missing)

#11
coltm4carbine

    Bear Fur

  • Members
  • 258 posts
  • Location:England
  • Joined:12 October 2005
I guess I should let him take over the log then, cos I don't want what happened last time to be repeated.







OK, using another canned speech for ewido security suite. Might not be helpful, but it should hopefully pick up any trojans that the other scanners have missed.







Welcome,



Please follow the instructions provided, you may want to print out these instructions and use them as a reference.







First:



Please download ewido security suite; it is a trial version of the program.

  • Install ewido security suite.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button.
  • The program will now go to the main screen.

You will need to update ewido to the latest definition files.

  • On the left hand side of the main screen click update.
  • Click on Start.

The update will start and a progress bar will show the updates being installed.

Once the updates are installed do the following:

  • Click on scanner.
  • Make sure the following boxes are checked before scanning:
      • Binder
      • Crypter
      • Archives
  • Click on Start Scan.
  • Let the program scan the machine.

While the scan is in progress you will be prompted to clean files, click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report.

  • Click Save report.
  • Save the report to your desktop.

Reboot your machine and post back a new HJT Log and the Ewido Scan .txt Log file you saved by using Add Reply.

#12
fakeeoghan

    Bear Fur

  • Members
  • 269 posts
  • Location:Somewhere Foreign
  • Joined:8 January 2005
I will do this and post the new log tomorrow

#13
fakeeoghan

    Bear Fur

  • Members
  • 269 posts
  • Location:Somewhere Foreign
  • Joined:8 January 2005
I did the ewido scan and deleted everything it found. The log is below. I then ran HJT and that log is in the following post







---------------------------------------------------------



ewido security suite - Scan report



---------------------------------------------------------







+ Created on: 16:48:06, 08/11/2005



+ Report-Checksum: D1829270







+ Scan result:







HKLM\SOFTWARE\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup



HKLM\SOFTWARE\Classes\CLSID\{43E2DBE5-8C8A-4519-9684-8CD7F39A5147} -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\CLSID\{43E2DBE5-8C8A-4519-9684-8CD7F39A5147}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\CLSID\{4CEBBC6B-5CEE-4644-80CF-38980BAE93F6}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup



HKLM\SOFTWARE\Classes\CLSID\{DA3609D1-3E96-4726-A17F-30F46AE89726} -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\CLSID\{DA3609D1-3E96-4726-A17F-30F46AE89726}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj -> Spyware.BetterInternet : Cleaned with backup



HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup



HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CLSID\\ -> Spyware.VX2 : Cleaned with backup



HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup



HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj.1 -> Spyware.BetterInternet : Cleaned with backup



HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj.1\CLSID\\ -> Spyware.VX2 : Cleaned with backup



HKLM\SOFTWARE\Classes\GSDA.GSDACtl\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup



HKLM\SOFTWARE\Classes\GSDA.GSDACtl.1\CLSID\\ -> Spyware.GameSpyArcade : Cleaned with backup



HKLM\SOFTWARE\Classes\IExplorr23.clsDW\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\IExplorr23.clsIS\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\IExplorr24.clsDW -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\IExplorr24.clsDW\Clsid -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\IExplorr24.clsDW\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\IExplorr24.clsIS\Clsid\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{338F1D89-A419-4C40-96E3-C29C978A7DF6} -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{338F1D89-A419-4C40-96E3-C29C978A7DF6}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{C08175C6-B2B2-47FC-AF1A-32F77A6CB673} -> Spyware.VX2 : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{C08175C6-B2B2-47FC-AF1A-32F77A6CB673}\TypeLib\\ -> Spyware.VX2 : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{CBD7E8BE-0E1E-441D-B133-E26F5636CCCF} -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{CBD7E8BE-0E1E-441D-B133-E26F5636CCCF}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{E41774F1-63E7-44ED-A03A-FF8422F9AFF0} -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{E41774F1-63E7-44ED-A03A-FF8422F9AFF0}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{FC385F81-0109-4FA8-AAD0-53B4A9A5DD2B} -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\Interface\{FC385F81-0109-4FA8-AAD0-53B4A9A5DD2B}\TypeLib\\ -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup



HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup



HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup



HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup



HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup



HKLM\SOFTWARE\Classes\TypeLib\{1620D17D-F2B5-43BE-8ED4-6B22E321D2A3} -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\TypeLib\{22CBCB4C-E9DF-4D25-86BC-FFDA4DF8FC06} -> Spyware.InetSpeak : Cleaned with backup



HKLM\SOFTWARE\Classes\TypeLib\{230C3786-1C2C-45BD-9D2D-9D277FCE6289} -> Spyware.VX2 : Cleaned with backup



HKLM\SOFTWARE\Classes\WinAdToolsX.Installer -> Spyware.BlazeFind : Cleaned with backup



HKLM\SOFTWARE\Classes\WinAdToolsX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup



HKLM\SOFTWARE\Classes\WinAdToolsX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup



HKLM\SOFTWARE\Classes\WinCommX.Installer -> Spyware.BlazeFind : Cleaned with backup



HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID -> Spyware.BlazeFind : Cleaned with backup



HKLM\SOFTWARE\Classes\WinCommX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/BM2.dll\\.Owner -> Spyware.VX2 : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/BM2.dll\\{DDFFA75A-E81D-4454-89FC-B9FD0631E726} -> Spyware.VX2 : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\.Owner -> Spyware.Gator : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/CONFLICT.1/HDPlugin1019.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/gsda.dll\\.Owner -> Spyware.GameSpyArcade : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/gsda.dll\\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1018.dll\\.Owner -> Spyware.Gator : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1018.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1019.dll\\.Owner -> Spyware.Gator : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/HDPlugin1019.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/Install.dll\\.Owner -> Spyware.CnsMin : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/Install.dll\\{205FF73B-CA67-11D5-99DD-444553540006} -> Spyware.CnsMin : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ISTactivex.dll\\.Owner -> Spyware.ISTBar : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/ISTactivex.dll\\{12398DD6-40AA-4C40-A4EC-A42CFC0DE797} -> Spyware.ISTBar : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MediaTicketsInstaller.ocx\\.Owner -> Spyware.PurityScan : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/MediaTicketsInstaller.ocx\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdCtlX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdCtlX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdToolsX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinAdToolsX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinCommX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/WinCommX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/YSBactivex.dll\\.Owner -> Spyware.YourSiteBar : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Downloaded Program Files/YSBactivex.dll\\{771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} -> Spyware.YourSiteBar : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup



HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup



HKLM\SOFTWARE\WildMedia\LicenseStores -> Spyware.MidAddle : Cleaned with backup



HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup



HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup



HKU\S-1-5-21-527237240-764733703-1343024091-1000\Software\DLMax -> Spyware.BetterInternet : Cleaned with backup



HKU\S-1-5-21-527237240-764733703-1343024091-1000\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup



HKU\S-1-5-21-527237240-764733703-1343024091-1000\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup



C:\WINNT\system\UpdInstall[Caution: ExecutableFile] -> Spyware.VX2 : Cleaned with backup



C:\WINNT\Explor[Caution: ExecutableFile] -> Heuristic.Win32.Dialer : Cleaned with backup



C:\WINNT\CPU_[Caution: ExecutableFile] -> Dialer.Generic : Cleaned with backup



C:\WINNT\iLookup -> Adware.eZula : Cleaned with backup



C:\Documents and Settings\Administrator\Cookies\administrator@ads20.hyperbanner[2].txt -> Spyware.Cookie.Hyperbanner : Cleaned with backup



C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\BDAOUUFH\screen_photo[1].RB0/Screen_Photo.jpeg-graphic1[Caution: ExecutableFile] -> TrojanDropper.VB.iv : Cleaned with backup



C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\5WOJDXCT\screen_photo[1].RB0/Screen_Photo.jpeg-graphic1[Caution: ExecutableFile] -> TrojanDropper.VB.iv : Cleaned with backup



C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\6LRO9S7E\screen_photo[1].RB0/Screen_Photo.jpeg-graphic1[Caution: ExecutableFile] -> TrojanDropper.VB.iv : Cleaned with backup



C:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\SV1FAQB1\mm[1].js -> Spyware.Chitika : Cleaned with backup



C:\Documents and Settings\Admin\Cookies\admin@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup



C:\Documents and Settings\Admin\Cookies\admin@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup



C:\Documents and Settings\Admin\Cookies\admin@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup



C:\Documents and Settings\Admin\Cookies\admin@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup



C:\Documents and Settings\Admin\Cookies\admin@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup



C:\Documents and Settings\Admin\Cookies\admin@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup



C:\Documents and Settings\Admin\Cookies\admin@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup



C:\Documents and Settings\Admin\Cookies\admin@oewabox[1].txt -> Spyware.Cookie.Oewabox : Cleaned with backup



C:\Documents and Settings\Admin\Cookies\admin@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup



:mozilla.10:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup



:mozilla.11:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup



:mozilla.12:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup



:mozilla.13:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup



:mozilla.14:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup



:mozilla.15:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup



:mozilla.25:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup



:mozilla.26:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup



:mozilla.27:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup



:mozilla.28:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup



:mozilla.29:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup



:mozilla.30:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup



:mozilla.31:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup



:mozilla.37:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup



:mozilla.44:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup



:mozilla.45:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup



:mozilla.46:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup



:mozilla.59:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.60:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.61:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.62:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.63:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.64:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.65:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.66:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.67:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.68:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.69:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



:mozilla.70:C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\rkidzyj9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup



C:\Documents and Settings\Admin\Complete\SWAT 4 + patch1.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Splinter Cell - Chaos Theory.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\10 Secrets To Great Sex - Secret 3.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Age of Mythology The Titans.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Symantec Norton Ghost 10.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Paris Dakar Rally.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\BlackICE PC Protection 3.6com.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\SWAT 4.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Transporter 2.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Trend Micro Pattern File 2.773.00.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Camtasia Studio 3.01.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\DEKSI Network Inventory 4.4.2.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Splinter Cell Pandora Tommorow.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Adobe Premier Pro 7.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Doom (2005) The.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\MP3 Audio Sound Recorder 1.32.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Avast Antivirus Pro 4.6.691.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\PC-Cillin Internet Security 2006.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Symantec Norton Mega Pack.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Auto MP3 Player 1.26.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\BeFaster 3.55.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\McAfee Virus Definitions 4555.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\3d Studio Max 8.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Elizabethtown.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Delta Force Xtreme + patch 1.6.5.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\The Myth (2005).RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Powerdvd Copy 1.0.0.701.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Aurora Video VCDDVD Converter&Crea.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Aurora Media Workshop 2.4.16.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Power Video Converter 1.4.11.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Plato DVD Ripper 1.30.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Archivarius 3000 3.23.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Easy DVD Clone 3.0.4.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Absolute Video Converter 2.5.6.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Game XP 1.5.8.10.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\NewsReactor 1.0.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\Easy GIF Animator 3.1.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\ImTOO DVD Audio Ripper 2.0.55.801.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\ImTOO 3GP Video Converter 2.1.50.810b.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Admin\Complete\ImTOO AVI MPEG Converter 2.1.50.810b.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup



C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup



C:\Program Files\Media Access\MediaAccess[Caution: ExecutableFile] -> Adware.MediaAccess : Cleaned with backup



C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup



C:\Program Files\AVPersonal\INFECTED\MSBB[Caution: ExecutableFile].VIR -> Spyware.180Solutions : Cleaned with backup



C:\Program Files\AVPersonal\INFECTED\ANI[1].ANR.VIR -> TrojanDownloader.Ani.c : Cleaned with backup



C:\Program Files\AVPersonal\INFECTED\M11[1].JPG.VIR/y.bat -> Trojan.Zapchast : Cleaned with backup



C:\Program Files\winupdates\a.RB0/Setup[Caution: ExecutableFile] -> Worm.VB.an : Cleaned with backup











::Report End

#14
fakeeoghan
And here's the HJT log for after the ewido scan:







Logfile of HijackThis v1.99.1



Scan saved at 16:49:23, on 08/11/2005



Platform: Windows 2000 SP4 (WinNT 5.00.2195)



MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)







Running processes:



C:\WINNT\System32\smss[Caution: ExecutableFile]



C:\WINNT\system32\winlogon[Caution: ExecutableFile]



C:\WINNT\system32\services[Caution: ExecutableFile]



C:\WINNT\system32\lsass[Caution: ExecutableFile]



C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]



C:\WINNT\system32\svchost[Caution: ExecutableFile]



C:\WINNT\System32\svchost[Caution: ExecutableFile]



C:\WINNT\system32\spoolsv[Caution: ExecutableFile]



C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]



C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]



C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]



c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]



C:\WINNT\Explorer[Caution: ExecutableFile]



C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]



C:\WINNT\System32\NTME\brad32[Caution: ExecutableFile]



C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]



C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]



C:\WINNT\system32\MSTask[Caution: ExecutableFile]



C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]



C:\WINNT\System32\WBEM\WinMgmt[Caution: ExecutableFile]



C:\WINNT\System32\mspmspsv[Caution: ExecutableFile]



C:\WINNT\system32\svchost[Caution: ExecutableFile]



C:\WINNT\system32\tp4serv[Caution: ExecutableFile]



C:\WINNT\system32\atiptaxx[Caution: ExecutableFile]



C:\WINNT\LTSMMSG[Caution: ExecutableFile]



C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]



C:\WINNT\system32\PRPCUI[Caution: ExecutableFile]



C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]



C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile]



C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]



C:\WINNT\AGRSMMSG[Caution: ExecutableFile]



C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]



C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]



C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]



C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]



C:\WINNT\system32\internat[Caution: ExecutableFile]



C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile]



C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]



C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]



C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]



C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]



C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR[Caution: ExecutableFile]



C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex[Caution: ExecutableFile]



C:\WINNT\system32\NOTEPAD[Caution: ExecutableFile]



C:\Documents and Settings\Admin\Desktop\Hijack\HijackThis[Caution: ExecutableFile]



C:\Program Files\Mozilla Firefox\firefox[Caution: ExecutableFile]







R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/



R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://66.250.171.137/dpindex.html



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\about.htm



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.aon.at:8080;http=proxy.aon.at:8080



R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.aon.at;*.jet2web.net;



F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit[Caution: ExecutableFile]



O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx



O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll



O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll



O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx



O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll



O4 - HKLM\..\Run: [TrackPointSrv] tp4serv[Caution: ExecutableFile]



O4 - HKLM\..\Run: [AtiPTA] atiptaxx[Caution: ExecutableFile]



O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG[Caution: ExecutableFile]



O4 - HKLM\..\Run: [Synchronization Manager] mobsync[Caution: ExecutableFile] /logon



O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR[Caution: ExecutableFile]



O4 - HKLM\..\Run: [TP4EX] tp4ex[Caution: ExecutableFile]



O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI[Caution: ExecutableFile]



O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY[Caution: ExecutableFile]



O4 - HKLM\..\Run: [ConfigSafe] C:\CFGSAFE\NTFSCLUP[Caution: ExecutableFile]



O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX[Caution: ExecutableFile] -CHECK



O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32[Caution: ExecutableFile] /min



O4 - HKLM\..\Run: [sbar] "C:\WINNT\regit[Caution: ExecutableFile]" C:\WINNT



O4 - HKLM\..\Run: [sountskmanager] sountaskmgr



O4 - HKLM\..\Run: [AspConfig] C:\WINNT\AspConfig[Caution: ExecutableFile]



O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched[Caution: ExecutableFile]" -osboot



O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG[Caution: ExecutableFile]



O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO[Caution: ExecutableFile]



O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\iHP100\iHPDetect[Caution: ExecutableFile]



O4 - HKLM\..\Run: [SsAAD[Caution: ExecutableFile]] C:\PROGRA~1\Sony\SONICS~1\SsAAD[Caution: ExecutableFile]



O4 - HKLM\..\Run: [ WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]



O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper[Caution: ExecutableFile]"



O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask[Caution: ExecutableFile]" -atboottime



O4 - HKLM\..\Run: [ WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]



O4 - HKLM\..\RunServices: [sountskmanager] sountaskmgr



O4 - HKCU\..\Run: [Internat[Caution: ExecutableFile]] internat[Caution: ExecutableFile]



O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect[Caution: ExecutableFile] /R



O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor[Caution: ExecutableFile]" /Q



O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr[Caution: ExecutableFile]" /background



O4 - HKCU\..\Run: [_WinINet] C:\WINNT\ConnectionStatus\services[Caution: ExecutableFile]



O4 - HKCU\..\Run: [_WinCheck] C:\WINNT\ConnectionStatus\Microsoft\services[Caution: ExecutableFile]



O4 - HKCU\..\Run: [a-squared] "C:\Program Files\a-squared\a2guard[Caution: ExecutableFile]"



O4 - Global Startup: Download Demon.lnk = C:\Program Files\Netzip Download Demon\Netzip Download Demon[Caution: ExecutableFile]



O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA[Caution: ExecutableFile]



O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare[Caution: ExecutableFile]



O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL[Caution: ExecutableFile]/3000



O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll



O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll



O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll



O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll



O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon... ... b27571.cab



O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon... ... b30149.cab



O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon... ... b27571.cab



O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) - https://webresponse.... ... winrep.cab



O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.co...UC/MsnPUpld.cab



O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros... ... 4126470871



O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai... ... scan53.cab



O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon... ... b27571.cab



O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone... ... WebAAS.cab



O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/... ... b34246.cab



O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab



O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app... ... tector.cab



O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/... ... der_v6.cab



O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com



O17 - HKLM\System\CCS\Services\Tcpip\..\{339C5575-6924-44D2-A335-9B73A7F4FDC4}: NameServer = 195.3.96.67 195.3.96.68



O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com



O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ECO-CEE.at.schneider-electric.com



O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll



O18 - Filter: text/html - {5C13EB45-8423-4758-A45C-4FF84011705D} - C:\Documents and Settings\Admin\Local Settings\Application Data\microsoft\internet explorer\V0.26.dat



O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD[Caution: ExecutableFile]



O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx[Caution: ExecutableFile]



O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV[Caution: ExecutableFile]



O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA[Caution: ExecutableFile]



O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin[Caution: ExecutableFile]



O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl[Caution: ExecutableFile]



O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc[Caution: ExecutableFile]



O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT[Caution: ExecutableFile]



O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService[Caution: ExecutableFile]



O23 - Service: Mouse Button Monitor (mousebm) - Unknown owner - C:\WINNT\system32\mousebm[Caution: ExecutableFile] (file missing)



O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV[Caution: ExecutableFile]



O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr[Caution: ExecutableFile]" -sSQLEXPRESS (file missing)



O23 - Service: netinfo - Unknown owner - C:\WINNT\netinfo[Caution: ExecutableFile] (file missing)



O23 - Service: Network Associates Management Agent - Network Associates - C:\WINNT\System32\NTME\METHWNT[Caution: ExecutableFile]



O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR[Caution: ExecutableFile]



O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc[Caution: ExecutableFile]



O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC[Caution: ExecutableFile]



O23 - Service: ScsiAccess - Unknown owner - C:\WINNT\system32\ScsiAccess[Caution: ExecutableFile]



O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV[Caution: ExecutableFile]



O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV[Caution: ExecutableFile]



O23 - Service: System Messenger Service (WINSMSC) - Unknown owner - C:\WINNT\smsc[Caution: ExecutableFile] (file missing)

#15
coltm4carbine
Your computer is a lot worse than I thought it would be... how long has this error message about your AV been popping up?

If you disable "sountaskmgr or sountaskmgr.exe" does the error message still pop up?

Surprisingly the unidentified trojan/worm is still here... and I am sure it is bad but I won't fix it in case I am wrong.

OK, another canned speech, this time for submitting a file; see if it comes back negative.

I am a bit surprised that they still haven't found out the trojan/worm from the online scans.

If you know it, tell me what it is and if not, please can you also submit the following file to one of these online file scanners.

Be sure you're able to view hidden files, and find the following files/folders in bold (if found) and send it to the online scanner listed below:

sountaskmgr (most likely to be somewhere in the C:\WINDOWS\System32 folder but I won't count on it.)

Jotti File Scan

VirusTotal File Scan

This will produce a report after the scan is complete, please copy and paste those results in your next post.

After that you will need to rehide the files.

See if it comes back with anything.

Forget that link, it's not going to help if you use Symantec. McAfee only.

#16
fakeeoghan
I don't have a C:\WINDOWS\System32 but I do have C:\WINNT\System32. I checked that folder and there's no soundtaskmgr. Where else should I look or do I have to run a search on my whole computer?

#17
coltm4carbine
Oops, I think I clicked on a bad link while looking at your first log. nvm.

yeh soz, I meant C:\WINNT\System32.

OK, fix that O4 line too. It should come out bad anyway. I did want you to send it to webimmune to get it analyzed by hand but nvm - that's for McAfee users only (link I got anyway).

omfg I don't believe this... I forgot to press submit. Anyway, here's the reply, like half an hour ago.

#18
fakeeoghan
I'm sorry, what O4 line? And what about this soundtaskmgr thing? Do I forget that? Got to sleep now but I'll check back tomorrow.

#19
Mercifull
Mmm, I think I'll leave the "expert" to carry on with this help thread then...


#20
coltm4carbine
OK, can you post a new HijackThis log?

If you disable sountaskmgr from the Task Manager (Ctrl+Alt+Delete) does the

"AntiVirus (that's the title)
No Viruses, Trojans or Spyware found!
Status: OK"

still appear?

:( I was gonna let Mercifull take over once I have sorted out the main infections - I will be on holiday soon and I won't have a PC.

Besides, Mercifull will know a lot more than me.



