Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Aurora


  • This topic is locked This topic is locked
4 replies to this topic

#1 terp_christina

terp_christina

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 29 April 2005 - 03:01 PM

I have these pop-up ads that I can't get rid of. This is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 3:54:59 PM, on 4/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_07\bin\jucheck.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\bcmwltry.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\support.com\bin\tgcmd.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\AIM\aim.exe
c:\windows\system32\uxgrdlx.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&t...ario&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - (no file)
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_07\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [lbfitey] c:\windows\system32\uxgrdlx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:03 AM

Posted 29 April 2005 - 05:01 PM

Hi there,

Nice collection you have. I suggest you print out next instructions, because you have to perform next actions in safe mde and this page wouldn't be available then.
It's also very important you perform everything in the right order.

* Please download ewido security suite here: http://www.ewido.net/en/download/
Install and update it. Don't let it scan yet!!

* Please set your system to show all files; please see here if you're unsure how to do this.

* Reboot into Safe Mode`:
°To get into the Safe mode as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {002EB272-2590-4693-B166-FBD5D9B6FEA6} - (no file)
O2 - BHO: (no name) - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - (no file)
O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll
O2 - BHO: InstaFinderK - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - C:\PROGRA~1\INSTAF~1\INSTAF~1.DLL
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [lbfitey] c:\windows\system32\uxgrdlx.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


* Click on Fix Checked when finished and exit HijackThis.

* Go to start > run and type next: sc delete SvcProc <OK>

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

c:\windows\system32\uxgrdlx.exe
C:\WINDOWS\Bolger.dll
C:\WINDOWS\System32\DrPmon.dll
C:\PROGRAM FILES\INSTAFINDERK <== this folder
C:\WINDOWS\satmat.exe
C:\WINDOWS\farmmext.exe
C:\Program Files\Ebates_MoeMoneyMaker <== this folder
C:\WINDOWS\svcproc.exe

*Go to start > run and type: cleanmgr and click ok.
Let it scan your system for files to remove.
Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
Press OK to remove them.

* Perform a full scan with ewido.
Let it delete everything it is finding.
When finished, you'll get the option to make a log.
Save this log, because I'll need that later.

* Reboot your system back to normal mode.

Download Findit
Unzip it to your desktop. Make sure the FindIt's.bat and XFind.com are together in the same UNZIPPED folder!

Doubleclick FindIt's.bat and it will produce a log.

Post back a fresh HijackThis log together with the log from ewido and the log from findit's and I'll take another look.

If you had any problems with deleting files or noticed any other problems during your fix, let me also know in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 terp_christina

terp_christina
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:03 PM

Posted 29 April 2005 - 10:30 PM

Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 04/29/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first

* UPX! C:\WINDOWS\FIREFO~1.EXE
* UPX! C:\WINDOWS\NAIL.EXE

»»»»» lagitamate file's can/will show in this section.

* UPX! C:\WINDOWS\System32\B5S.DLL
* UPX! C:\WINDOWS\System32\EMUSIC~1.DLL
»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»» Checking Windir\svcproc.exe and nail.exe.

Nail.exe
»»»»» Checking for System32\DrPMon.dll.

»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.

Volume in drive C is PRESARIO
Volume Serial Number is 60C1-037B

Directory of C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
Volume in drive C is PRESARIO
Volume Serial Number is 60C1-037B

Directory of C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»».


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\aurora


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Bolger


! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\BolgerDll.BolgerDllObj
<NO NAME> REG_SZ Bolger Functional Class


! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\Interface\{BB0D5ADC-028D-4185-9288-722DDCE2C757}
<NO NAME> REG_SZ IBolgerDllObj


! REG.EXE VERSION 3.0

HKEY_CLASSES_ROOT\TypeLib\{92DAF5C1-2135-4E0C-B7A0-259ABFCD3904}


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon
Driver REG_SZ DrPMon.dll

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Monitors\ZepMon
Driver REG_SZ DrPMon.dll










here is the hijackthis:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:39:10 PM, 4/29/2005
+ Report-Checksum: D7B9F4E

+ Date of database: 4/29/2005
+ Version of scan engine: v3.0

+ Duration: 132 min
+ Scanned Files: 498980
+ Speed: 62.65 Files/Second
+ Infected files: 192
+ Removed files: 96
+ Files put in quarantine: 96
+ Files that could not be opened: 0
+ Files that could not be cleaned: 96

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\
C:\
D:\

+ Scan result:
C:\Documents and Settings\Owner\Cookies\owner@11199995[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@41409448[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@91338698[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@a.websponsors[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.adsag[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.as4x.tmcs[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.guardian.co[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adserver.news.com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bravenet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@clickagents[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@commission-junction[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@csavings.adbureau[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@dcshk2911dydgs194spvx5aox_1u4c[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@dcskqeg2voifwznnd6alhtnei_8f3u[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@desktop.kazaa[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-bestbuy.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-cafepress.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-citrixonline.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-guess.hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ehg-sierratradingpost.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@fl01.ct2.comclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@gator[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hc2.humanclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@kazaa[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@link[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@list[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@myway[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@phg.hitbox[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@realguide.real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@S002-00-8-14-162854-22699[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@S002-00-8-4-170619-21303[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@S005-01-5-27-250686-77323[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@S005-01-6-7-253455-79618[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@S119579[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@S126079[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@S149200[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@S152488[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@spylog[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ssa.kazaa[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@valueclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.altnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\system@myway[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050429-200937-112.dll -> Spyware.404Search.h -> Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050429-200937-243.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Temp\backups\backup-20050427-002834-250.dll -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\lzzarcy.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\multimpp.dll -> Spyware.BiSpy.t -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\systb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\system32\heyrpwr.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\qcukovl.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\saie321.dll -> Spyware.180solutions -> Cleaned with backup
C:\WINDOWS\system32\stmtreco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\tattldozhm.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm.exe -> Spyware.Altnet.a -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm25.dll -> Spyware.Altnet.b -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\adm4.dll -> Spyware.Altnet.a -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Spyware.Altnet.b -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Spyware.Altnet.b -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\admprog.dll -> Spyware.Altnet.b -> Cleaned with backup
C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet.b -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@11199995[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@41409448[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@91338698[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@a.websponsors[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@adknowledge[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ads.adsag[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ads.as4x.tmcs[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ads.guardian.co[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ads.monster[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@adserver.news.com[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@bfast[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@bravenet[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@citi.bridgetrack[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@clickagents[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@commission-junction[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@com[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@csavings.adbureau[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@data.coremetrics[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@dcshk2911dydgs194spvx5aox_1u4c[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@dcskqeg2voifwznnd6alhtnei_8f3u[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@desktop.kazaa[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ehg-bestbuy.hitbox[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ehg-cafepress.hitbox[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ehg-citrixonline.hitbox[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ehg-guess.hitbox[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ehg-sierratradingpost.hitbox[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@fl01.ct2.comclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@gator[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@geocities[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@hc2.humanclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@kazaa[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@linksynergy[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@link[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@list[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@myway[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@overture[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@phg.hitbox[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@realguide.real[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@realmedia[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@real[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@S002-00-8-14-162854-22699[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@S002-00-8-4-170619-21303[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@S005-01-5-27-250686-77323[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@S005-01-6-7-253455-79618[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@S119579[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@S126079[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@S149200[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@S152488[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@search.msn[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@server.iad.liveperson[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@spylog[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@ssa.kazaa[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@stat.onestat[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@targetnet[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@valueclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@www.altnet[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\owner@zedo[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Cookies\system@myway[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Owner\Desktop\backups\backup-20050429-200937-112.dll -> Spyware.404Search.h -> Error during cleaning
C:\Documents and Settings\Owner\Desktop\backups\backup-20050429-200937-243.dll -> Spyware.BetterInternet -> Error during cleaning
C:\Documents and Settings\Owner\Local Settings\Temp\backups\backup-20050427-002834-250.dll -> Spyware.BetterInternet -> Error during cleaning
C:\WINDOWS\lzzarcy.exe -> Spyware.BetterInternet -> Error during cleaning
C:\WINDOWS\multimpp.dll -> Spyware.BiSpy.t -> Error during cleaning
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Error during cleaning
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Error during cleaning
C:\WINDOWS\systb.exe -> Trojan.Imiserv.c -> Error during cleaning
C:\WINDOWS\system32\heyrpwr.exe -> Trojan.Agent.cp -> Error during cleaning
C:\WINDOWS\system32\qcukovl.exe -> Trojan.Agent.cp -> Error during cleaning
C:\WINDOWS\system32\saie321.dll -> Spyware.180solutions -> Error during cleaning
C:\WINDOWS\system32\stmtreco.exe -> Spyware.BetterInternet -> Error during cleaning
C:\WINDOWS\tattldozhm.exe -> Spyware.BetterInternet -> Error during cleaning
C:\WINDOWS\Temp\Altnet\adm.exe -> Spyware.Altnet.a -> Error during cleaning
C:\WINDOWS\Temp\Altnet\adm25.dll -> Spyware.Altnet.b -> Error during cleaning
C:\WINDOWS\Temp\Altnet\adm4.dll -> Spyware.Altnet.a -> Error during cleaning
C:\WINDOWS\Temp\Altnet\admdloader.dll -> Spyware.Altnet.b -> Error during cleaning
C:\WINDOWS\Temp\Altnet\admfdi.dll -> Spyware.Altnet.b -> Error during cleaning
C:\WINDOWS\Temp\Altnet\admprog.dll -> Spyware.Altnet.b -> Error during cleaning
C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet.b -> Error during cleaning


::Report End









thans a lot for your help

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:03 AM

Posted 30 April 2005 - 12:25 AM

Hello,

Good job!!

* Download Killbox to your desktop.
Click killbox.exe.
Select the option "Delete on reboot".
In the field labeled "Full Path of File to Delete" copy and paste next:

C:\WINDOWS\NAIL.EXE

Then press the button that looks like a red circle with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot.. Click YES
When it asks if you would like to Reboot now, click YES
If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Your computer will reboot now.
Ignore the error you will get about nail.exe missing afterwards.

Also, Download and install CleanUp!
http://cleanup.stevengould.org/

Start it, click cleanup and log off when finished.

I want you to check something..

Go to next site: http://virusscan.jotti.org/

On top you'll find: File to upload and scan..

Browse to next files and submit them there to scan:

C:\WINDOWS\System32\B5S.DLL
C:\WINDOWS\FIREFO~1.EXE <== this one starts with this letters (I don't think this is your firefox.exe)

Post the results from that scan in your next reply together with a new hijackthislog.

Edited by miekiemoes, 30 April 2005 - 12:25 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:12:03 AM

Posted 15 May 2005 - 06:36 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
an email with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users