Drive Cleaner And More... Hijackthis Log Inc.


18 replies to this topic

#1 Groeger1


  • Members
  • 12 posts

Posted 16 August 2007 - 02:44 PM

Thank you for any help you can offer. I am currently running SpySweeper with anti-virus.

Logfile of HijackThis v1.99.1
Scan saved at 3:00:39 PM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\vipoh22011.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\FirstClass\fcc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\George\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0b421a90-f22e-44cd-9576-60ec6658a7c4} - C:\WINDOWS\system32\oghshkg.dll (file missing)
O2 - BHO: (no name) - {13E79146-FB6E-4F30-89E4-4DB8BC11E048} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: (no name) - {271F4378-D48D-419F-ABC0-1D9986AB0D19} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {38BE32C4-7B9E-45C2-B66F-3F85FC7C18EA} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {76F19286-D167-48DD-9A85-44C2F768E8DD} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O2 - BHO: (no name) - {9DABC573-9D2C-405D-B4F0-6915AA5B9077} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on GEORGE-LAPTOP] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" /P48 "Auto EPSON Stylus CX3800 Series on GEORGE-LAPTOP" /O24 "\\GEORGE-LAPTOP\Printer2" /M "Stylus CX3800"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vipoh] "C:\Program Files\Common Files\vipoh22011.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll (file missing)
O20 - Winlogon Notify: mljgfcb - mljgfcb.dll (file missing)
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe



#2 rookie147


  • Members
  • 5,321 posts

Posted 16 August 2007 - 04:14 PM

Hello there and welcome to BleepingComputer. My name is Charles and I will be dealing with your log today.
Go to this page.
Where it says "Browse to the file you want to submit", copy and paste the filepath below into the box:

C:\Program Files\Common Files\vipoh22011.exe

Then click the Send File button below.

Please download VundoFix to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt in your next reply.
Note: It is possible that VundoFix encountered a file it could not remove.
VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

Please include VundoFix.txt and a new HijackThis log in your next reply, and also let me know when you have uploaded the file for me.
Thanks,
Charles

If you are pleased with the service I have offered, you may like to consider making a donation.


#3 Groeger1

  • Topic Starter

  • Members
  • 12 posts

Posted 16 August 2007 - 07:45 PM

Hello Charles and thank you for taking my case!

I've run VundoFix and uploaded the file you requested. VundoFix did not note any errors, but did reboot automatically. It did not, however, open after I rebooted.

Here are the two logs.

Thanks again,


VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:04:35 AM 7/19/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:47:33 AM 8/13/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmkhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 9:01:26 AM 8/13/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\ssqrs.dll

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:28:19 AM 8/14/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\windows\system32\nyqkrktp.exe
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\ssqrs.dll

Beginning removal...

Attempting to delete C:\windows\system32\nyqkrktp.exe
C:\windows\system32\nyqkrktp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssqrs.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 7:22:47 AM 8/15/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\pmnnm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:17:26 AM 8/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\pmnnm.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 4:55:17 PM 8/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\pmnnm.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:32:34 PM 8/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\pmnnm.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:38:09 PM 8/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\pmnnm.dll





Logfile of HijackThis v1.99.1
Scan saved at 8:44:52 PM, on 8/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\vipoh22011.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\George\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0b421a90-f22e-44cd-9576-60ec6658a7c4} - C:\WINDOWS\system32\oghshkg.dll (file missing)
O2 - BHO: (no name) - {13E79146-FB6E-4F30-89E4-4DB8BC11E048} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: (no name) - {271F4378-D48D-419F-ABC0-1D9986AB0D19} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {38BE32C4-7B9E-45C2-B66F-3F85FC7C18EA} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: (no name) - {76F19286-D167-48DD-9A85-44C2F768E8DD} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O2 - BHO: (no name) - {9DABC573-9D2C-405D-B4F0-6915AA5B9077} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on GEORGE-LAPTOP] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" /P48 "Auto EPSON Stylus CX3800 Series on GEORGE-LAPTOP" /O24 "\\GEORGE-LAPTOP\Printer2" /M "Stylus CX3800"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [vipoh] "C:\Program Files\Common Files\vipoh22011.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll (file missing)
O20 - Winlogon Notify: mljgfcb - mljgfcb.dll (file missing)
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

#4 rookie147


  • Members
  • 5,321 posts

Posted 17 August 2007 - 03:34 AM

Hi George,
That file you uploaded for me was infected, so we'll get rid of it now.

Scan again with HijackThis and put a checkmark next to each of the following entries (if present):

O2 - BHO: (no name) - {13E79146-FB6E-4F30-89E4-4DB8BC11E048} - C:\WINDOWS\system32\pmnnm.dll (file missing)
O2 - BHO: (no name) - {271F4378-D48D-419F-ABC0-1D9986AB0D19} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {38BE32C4-7B9E-45C2-B66F-3F85FC7C18EA} - C:\WINDOWS\system32\pmkhi.dll (file missing)
O2 - BHO: (no name) - {76F19286-D167-48DD-9A85-44C2F768E8DD} - C:\WINDOWS\system32\ddcyx.dll (file missing)
O2 - BHO: (no name) - {9DABC573-9D2C-405D-B4F0-6915AA5B9077} - C:\WINDOWS\system32\ssqrs.dll (file missing)
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - (no file)
O4 - HKLM\..\Run: [vipoh] "C:\Program Files\Common Files\vipoh22011.exe"
O15 - Trusted Zone: *.amaena.com
O15 - Trusted Zone: *.drivecleaner.com
O15 - Trusted Zone: *.errorprotector.com
O15 - Trusted Zone: *.errorsafe.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantispyware.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.winfixer.com
O20 - Winlogon Notify: ddcyx - C:\WINDOWS\system32\ddcyx.dll (file missing)
O20 - Winlogon Notify: mljgfcb - mljgfcb.dll (file missing)
O20 - Winlogon Notify: pmnnm - C:\WINDOWS\system32\pmnnm.dll (file missing)


Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix checked button.

Navigate to and delete the file you uploaded:

C:\Program Files\Common Files\vipoh22011.exe

Reboot your computer: IMPORTANT.

Please scan again with both HijackThis and VundoFix, posting back both of the new logs in your next reply.
Thanks,
Charles

Edited by rookie147, 17 August 2007 - 03:35 AM.

If you are pleased with the service I have offered, you may like to consider making a donation.


#5 Groeger1

  • Topic Starter

  • Members
  • 12 posts

Posted 17 August 2007 - 06:29 AM

Good morning Charles,

I've done everything you've noted. Here are the results.

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 10:04:35 AM 7/19/2007

Listing files found while scanning....

No infected files were found.


VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:47:33 AM 8/13/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ihkmp.bak1
C:\WINDOWS\system32\ihkmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ihkmp.ini
C:\WINDOWS\system32\ihkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkhi.dll
C:\WINDOWS\system32\pmkhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.bak1
C:\WINDOWS\system32\xycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xycdd.ini
C:\WINDOWS\system32\xycdd.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 9:01:26 AM 8/13/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\ssqrs.dll

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:28:19 AM 8/14/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\windows\system32\nyqkrktp.exe
C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\ssqrs.dll

Beginning removal...

Attempting to delete C:\windows\system32\nyqkrktp.exe
C:\windows\system32\nyqkrktp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\srqss.bak1
C:\WINDOWS\system32\srqss.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\srqss.bak2
C:\WINDOWS\system32\srqss.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\srqss.ini
C:\WINDOWS\system32\srqss.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrs.dll
C:\WINDOWS\system32\ssqrs.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 7:22:47 AM 8/15/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\pmnnm.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mnnmp.bak1
C:\WINDOWS\system32\mnnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\mnnmp.ini
C:\WINDOWS\system32\mnnmp.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:17:26 AM 8/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\pmnnm.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.6

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 4:55:17 PM 8/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\pmnnm.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:32:34 PM 8/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\pmnnm.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 8:38:09 PM 8/16/2007

Listing files found while scanning....

C:\WINDOWS\system32\ddcyx.dll
C:\WINDOWS\system32\pmnnm.dll

VundoFix V6.5.7

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 7:25:19 AM 8/17/2007

Listing files found while scanning....

No infected files were found.



Logfile of HijackThis v1.99.1
Scan saved at 7:28:54 AM, on 8/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
C:\Program Files\Logitech\QuickCam10\COCIManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\George\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0b421a90-f22e-44cd-9576-60ec6658a7c4} - C:\WINDOWS\system32\oghshkg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [zBrowser Launcher] "C:\Program Files\Logitech\iTouch\iTouch.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3800 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
O4 - HKLM\..\Run: [Auto EPSON Stylus CX3800 Series on GEORGE-LAPTOP] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" /P48 "Auto EPSON Stylus CX3800 Series on GEORGE-LAPTOP" /O24 "\\GEORGE-LAPTOP\Printer2" /M "Stylus CX3800"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/web_...aploader_v6.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
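
The VundoFix log in the post above concatenates several scan runs, which makes it hard to see which listed files were actually removed. As an added example (not part of the original post and not VundoFix's own code), this Python script parses that layout and reports files that never received a "Has been deleted!" line, plus runs that entered removal without deleting anything; the sample log is constructed and its file names are placeholders.

```python
import re

# Constructed, abridged sample in the layout of the VundoFix log above; file names are placeholders.
SAMPLE_LOG = r"""
VundoFix V6.5.6
Scan started at 8:47:33 AM 8/13/2007
Listing files found while scanning....

C:\WINDOWS\system32\aaaaa.dll
C:\WINDOWS\system32\bbbbb.ini
C:\windows\system32\ccccc.exe

Beginning removal...
Attempting to delete C:\WINDOWS\system32\bbbbb.ini
C:\WINDOWS\system32\bbbbb.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ccccc.exe
C:\WINDOWS\system32\ccccc.exe Has been deleted!
Performing Repairs to the registry.
Done!

VundoFix V6.5.6
Scan started at 8:28:19 AM 8/14/2007
Listing files found while scanning....
C:\WINDOWS\system32\aaaaa.dll
C:\WINDOWS\system32\ddddd.dll

VundoFix V6.5.6
Scan started at 8:17:26 AM 8/16/2007
Listing files found while scanning....
C:\WINDOWS\system32\aaaaa.dll
C:\WINDOWS\system32\ddddd.dll
Beginning removal...
Performing Repairs to the registry.
Done!

VundoFix V6.5.7
Scan started at 7:25:19 AM 8/17/2007
Listing files found while scanning....
No infected files were found.
"""

RUN_HEADER = re.compile(r"^VundoFix V([\d.]+)$")
SCAN_START = re.compile(r"^Scan started at (.+)$")
DELETED = re.compile(r"^([A-Za-z]:\\.+) Has been deleted!$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")

def parse_runs(text):
    """Split a concatenated VundoFix log into one record per scan run."""
    runs, cur, listing = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        header = RUN_HEADER.match(line)
        if header:
            cur = {"version": header.group(1), "started": None,
                   "found": [], "deleted": [], "removal_phase": False}
            runs.append(cur)
            listing = False
            continue
        if cur is None or not line:
            continue
        started, deleted = SCAN_START.match(line), DELETED.match(line)
        if started:
            cur["started"] = started.group(1)
        elif line.startswith("Listing files found"):
            listing = True
        elif line.startswith("Beginning removal"):
            listing, cur["removal_phase"] = False, True
        elif deleted:
            # Windows paths are case-insensitive, so normalise before comparing.
            cur["deleted"].append(deleted.group(1).lower())
        elif listing and WIN_PATH.match(line):
            cur["found"].append(line.lower())
    return runs

def persistence_report(runs):
    """Per listed file: runs it appeared in, whether a delete was logged, still in last run."""
    report = {}
    for run in runs:
        for path in run["found"]:
            entry = report.setdefault(path, {"seen_in": 0, "deleted": False, "in_last_run": False})
            entry["seen_in"] += 1
    for run in runs:
        for path in run["deleted"]:
            if path in report:
                report[path]["deleted"] = True
    for path in (runs[-1]["found"] if runs else []):
        report[path]["in_last_run"] = True
    return report

def never_deleted(runs):
    """Files the scanner listed at least once but never reported as deleted."""
    return sorted(p for p, e in persistence_report(runs).items() if not e["deleted"])

def silent_removal_runs(runs):
    """Start times of runs that listed files and began removal but logged no deletion."""
    return [r["started"] for r in runs if r["found"] and r["removal_phase"] and not r["deleted"]]
```

A file that is in `never_deleted` but absent from the last run was removed by something other than this tool, so check the other logs to confirm what handled it.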

#6 rookie147


Posted 17 August 2007 - 04:47 PM

You're using an outdated version of Java (the latest one is Java Runtime Environment (JRE) 6u2), and these can be exploited by malware, so you need to update it as soon as possible. Please update and remove the older versions from your computer. Do the following:
Go to Start | Control Panel | Add/Remove Programs
Search in the list for all previously installed versions of Java (J2SE Runtime Environment ...)
Select it and click Remove.
Then download and install the newest version from here:
Java Runtime Environment (JRE) 6u2

Please run Panda's ActiveScan.
Once you are on the Panda site click the Scan your PC button
A new window will open, click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan has finished - if anything malicious is found - click the See Report button.
Click Save Report and save the file to your Desktop, so you can post this log in your next reply.

I'd like to see the Panda report in your reply.
Thanks,
Charles



#7 Groeger1


Posted 17 August 2007 - 09:26 PM

Hello Charles,

I've un-installed the old versions of Java and am running the most up-to-date version. I've included the panda scan log here:


Incident Status Location

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Beth\Application Data\Mozilla\Firefox\Profiles\pduyppkr.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Beth\Application Data\Mozilla\Firefox\Profiles\pduyppkr.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Beth\Application Data\Mozilla\Firefox\Profiles\pduyppkr.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[servedby.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.overture.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.sexlist.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.adultfriendfinder.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.com.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[statse.webtrendslive.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.bluestreak.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.ads.addynamix.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.bs.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.perf.overture.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.target.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.burstnet.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.cs.sexcounter.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[www.burstbeacon.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[server.iad.liveperson.net/hc/88287119]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[server.iad.liveperson.net/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.yadro.ru/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.atwola.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[landing.domainsponsor.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.revenue.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.go.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.com.com/]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\George\Local Settings\Temp\MBDownloader_876919.exe
Virus:Generic Malware Disinfected C:\Documents and Settings\George\Local Settings\Temp\NI.UWAS7_0001_N91M2703\setup.exe
Virus:Trj/Downloader.OXI Disinfected C:\Documents and Settings\George\Local Settings\Temp\snapsnet.exe
Adware:Adware/WinAntiSpyware Not disinfected C:\Documents and Settings\George\Local Settings\Temp\WinAntiSpyware2007Setup.exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\George\Local Settings\Temp\yazzlesnet.exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\qtxn8txj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Linda\Cookies\linda@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Linda\Cookies\linda@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Linda\Cookies\linda@entrepreneur[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Linda\Cookies\linda@errorsafe[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Linda\Cookies\linda@target[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Linda\Cookies\linda@www.drivecleaner[2].txt
Virus:Trj/Downloader.OXI Disinfected C:\Documents and Settings\Linda\Local Settings\Temp\k11u72.exe
Virus:Generic Malware Disinfected C:\Documents and Settings\Linda\Local Settings\Temp\NI.UWAS7_0001_N91M2703\setup.exe
Adware:Adware/WinAntiSpyware Not disinfected C:\Documents and Settings\Linda\Local Settings\Temp\WinAntiSpyware2007Setup.exe
Virus:Trj/Downloader.OXI Disinfected C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\6524VRVL\k11u72[1].exe
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\6524VRVL\kcehc_eicooc[1]
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\94IU4PFC\idien[1]
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\V5X3UQ8A\adfcookmazafuka[1]
Virus:Trj/Downloader.PJT Disinfected C:\VundoFix Backups\nyqkrktp.exe.bad
Virus:Trj/Downloader.PUT Disinfected C:\WINDOWS\system32\B1\m22011.exe
Virus:Generic Malware Disinfected C:\WINDOWS\system32\stera.exe
Adware:Adware/WebHancer

#8 rookie147


Posted 18 August 2007 - 03:21 PM

I think the log got cut off, can you try pasting the other half again, please?



#9 Groeger1


Posted 18 August 2007 - 04:54 PM

That was everything in the log. It took a really long time for it to scan. I've posted it again just to be sure.



Incident Status Location

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Beth\Application Data\Mozilla\Firefox\Profiles\pduyppkr.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Beth\Application Data\Mozilla\Firefox\Profiles\pduyppkr.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Beth\Application Data\Mozilla\Firefox\Profiles\pduyppkr.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[servedby.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.overture.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.sexlist.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.adultfriendfinder.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.com.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[statse.webtrendslive.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.bluestreak.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.ads.addynamix.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.bs.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.perf.overture.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.target.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.burstnet.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.cs.sexcounter.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[www.burstbeacon.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[server.iad.liveperson.net/hc/88287119]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[server.iad.liveperson.net/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.yadro.ru/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.atwola.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[landing.domainsponsor.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.revenue.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.go.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.com.com/]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\George\Local Settings\Temp\MBDownloader_876919.exe
Virus:Generic Malware Disinfected C:\Documents and Settings\George\Local Settings\Temp\NI.UWAS7_0001_N91M2703\setup.exe
Virus:Trj/Downloader.OXI Disinfected C:\Documents and Settings\George\Local Settings\Temp\snapsnet.exe
Adware:Adware/WinAntiSpyware Not disinfected C:\Documents and Settings\George\Local Settings\Temp\WinAntiSpyware2007Setup.exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\George\Local Settings\Temp\yazzlesnet.exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Linda\Application Data\Mozilla\Firefox\Profiles\qtxn8txj.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Linda\Cookies\linda@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Linda\Cookies\linda@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Linda\Cookies\linda@entrepreneur[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Linda\Cookies\linda@errorsafe[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Linda\Cookies\linda@target[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Linda\Cookies\linda@www.drivecleaner[2].txt
Virus:Trj/Downloader.OXI Disinfected C:\Documents and Settings\Linda\Local Settings\Temp\k11u72.exe
Virus:Generic Malware Disinfected C:\Documents and Settings\Linda\Local Settings\Temp\NI.UWAS7_0001_N91M2703\setup.exe
Adware:Adware/WinAntiSpyware Not disinfected C:\Documents and Settings\Linda\Local Settings\Temp\WinAntiSpyware2007Setup.exe
Virus:Trj/Downloader.OXI Disinfected C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\6524VRVL\k11u72[1].exe
Virus:Trj/Downloader.PJT Disinfected C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\6524VRVL\kcehc_eicooc[1]
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\94IU4PFC\idien[1]
Virus:Trj/Downloader.PCQ Disinfected C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\V5X3UQ8A\adfcookmazafuka[1]
Virus:Trj/Downloader.PJT Disinfected C:\VundoFix Backups\nyqkrktp.exe.bad
Virus:Trj/Downloader.PUT Disinfected C:\WINDOWS\system32\B1\m22011.exe
Virus:Generic Malware Disinfected C:\WINDOWS\system32\stera.exe
Adware:Adware/WebHancer

#10 Groeger1

Posted 18 August 2007 - 04:58 PM

Shall I try and run the scan again?

Thanks again for your help.

-George

#11 rookie147

Posted 18 August 2007 - 06:02 PM

Is that all there is in the logfile?


#12 Groeger1

Posted 18 August 2007 - 06:10 PM

I'm pretty sure that's all it saved. I'm looking at the .txt file that was saved as "Activescan". Does that sound right?

#13 rookie147

Posted 19 August 2007 - 04:33 AM

Yep. Can you run the scan again for me then, please?


#14 Groeger1

Posted 19 August 2007 - 06:17 AM

Will do.

#15 Groeger1

Posted 19 August 2007 - 08:32 AM

Hi Charles,

I ran the scan again, but this time I selected for it to scan my computer rather than local drives. I'm quite sure this is everything it came up with in the log, though it might not be working on my comp for some reason. I'll run the local drive scan right now to check that again.

Thanks:


Incident Status Location

Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Beth\Application Data\Mozilla\Firefox\Profiles\pduyppkr.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Beth\Application Data\Mozilla\Firefox\Profiles\pduyppkr.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Beth\Application Data\Mozilla\Firefox\Profiles\pduyppkr.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[servedby.advertising.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.doubleclick.net/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.statcounter.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.tribalfusion.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[ad.yieldmanager.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.atdmt.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.overture.com/]
Spyware:Cookie/SexList Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.sexlist.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.casalemedia.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.adultfriendfinder.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.questionmarket.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.com.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.ehg-dig.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.ads.pointroll.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[statse.webtrendslive.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.bluestreak.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.ads.addynamix.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.fastclick.net/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.zedo.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.bs.serving-sys.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.trafficmp.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.2o7.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.perf.overture.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.target.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.burstnet.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.cs.sexcounter.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[www.burstbeacon.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[server.iad.liveperson.net/hc/88287119]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[server.iad.liveperson.net/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.yadro.ru/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.atwola.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[landing.domainsponsor.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies-1.txt[.revenue.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.go.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.com.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.overture.com/]
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.ads.addynamix.com/]
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.azjmp.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\George\Application Data\Mozilla\Firefox\Profiles\tkd1svzt.default\cookies.txt[.bs.serving-sys.com/]
Adware:Adware/Mirar Not disinfected C:\Documents and Settings\George\Local Settings\Temp\MBDownloader_876919.exe
Adware:Adware/WinAntiSpyware Not disinfected C:\Documents and Settings\George\Local Settings\Temp\WinAntiSpyware2007Setup.exe
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\George\Local Settings\Temp\yazzlesnet.exe
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Linda\Cookies\linda@doubleclick[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Linda\Cookies\linda@drivecleaner[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Linda\Cookies\linda@entrepreneur[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Linda\Cookies\linda@errorsafe[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Linda\Cookies\linda@target[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Linda\Cookies\linda@www.drivecleaner[2].txt
Adware:Adware/WinAntiSpyware Not disinfected C:\Documents and Settings\Linda\Local Settings\Temp\WinAntiSpyware2007Setup.exe
Adware:Adware/eZula Not disinfected C:\Documents and Settings\Linda\Local Settings\Temporary Internet Files\Content.IE5\94IU4PFC\idien[1]
Adware:Adware/WebHancer Not disinfected C:\WINDOWS\system32\temp2\hn12.exe



