HJT log


  • This topic is locked
16 replies to this topic

#1 katiecalf

katiecalf

  • Members
  • 84 posts

Posted 31 August 2005 - 12:10 PM

When I try and access this web page www.wdstar.com from either my laptop or my desktop, which are networked, I come up with the following porn page web address:
http://69.50.190.131/?to=dname&from=in
at which point the porn site page will change each time it is opened... to different porn pages with different addresses.
I have run Webroot Spy Sweeper, Ad-Aware SE Personal, Adware Away, and Spybot Search and Destroy and cannot get rid of what is causing this,
so I thought perhaps with this log someone could help me with this.
thanks
Katie

Logfile of HijackThis v1.99.1
Scan saved at 11:55:04 AM, on 8/31/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\ICQ\Icq.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9877
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_2
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998422461
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by katiecalf, 31 August 2005 - 12:24 PM.




#2 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts

Posted 04 September 2005 - 07:46 AM

Welcome Katie to Bleeping Computer.

Disable SpySweeper while following this advice; it will keep us from cleaning up.
To disable SpySweeper Shields:
  • Click Shields on the left.
  • Click Internet Explorer and uncheck all items.
  • Click Windows System and uncheck all items.
  • Click Startup Programs and uncheck all items.
  • Exit Spysweeper.
***

Please disable SpybotSD’s protection, as it may hinder the removal of the infection.

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box and/or Uncheck Resident.
Close Spybot.

***

You may want to print or save these instructions locally before starting.

Please download, install, and update the free version of Ewido trojan scanner:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Run Ewido --- When you run it for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful"), exit Ewido. DO NOT scan yet.
***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***

Now open Ewido Security Suite:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your computer.

***

Reboot to normal mode.

***

Download the Hoster Here
Please do not use the program yet.

Unzip Hoster to your desktop

Open up the Hoster program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • Then click Restore original host files
  • Close the program
***

Post back to this topic using the button 'add reply' with a fresh HijackThis log and the Ewido log.


Life is what happens while you're making other plans
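
The last step of the post above resets the Windows hosts file with Hoster. As an added example (not part of the thread, and not Hoster's code), this Python script lists every hosts entry beyond the stock localhost line so the file can be reviewed before it is reset. The function names, the "blocked"/"redirect" labels and the sample file are constructed for illustration, and it assumes a stock file maps only localhost to a loopback address.

```python
"""Audit a hosts file for entries beyond the stock localhost mapping."""
import ipaddress
import sys

# Assumption: a stock hosts file maps only "localhost", and only to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample (reserved documentation address and example domains);
# it is not taken from any machine discussed in the thread.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.example.net      # sinkholed by a blocking tool
192.0.2.10      www.example.com example.com
0.0.0.0         update.example.org
garbage line
"""


def parse_hosts(text):
    """Return (line_no, ip, names) for every active, well-formed entry."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank, comment-only, or no name
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # first field is not an address
        entries.append((line_no, ip, [name.lower() for name in fields[1:]]))
    return entries


def audit_hosts(text):
    """Report each name that is not the stock localhost mapping.

    kind == "blocked":  name points at loopback or 0.0.0.0, so lookups go
                        nowhere (ad blockers do this, and so does malware that
                        cuts off security-update sites).
    kind == "redirect": name points at another address, so a typed site name
                        lands on a different server.
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in names:
            if name in DEFAULT_NAMES and ip.is_loopback:
                continue                         # the expected stock entry
            findings.append({
                "line": line_no,
                "name": name,
                "ip": str(ip),
                "kind": "blocked" if sinkhole else "redirect",
            })
    return findings


if __name__ == "__main__":
    # Pass a path to audit a real file, e.g. a copy of
    # %SystemRoot%\system32\drivers\etc\hosts; with no argument the
    # constructed sample above is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            hosts_text = fh.read()
    else:
        hosts_text = SAMPLE_HOSTS
    for item in audit_hosts(hosts_text):
        print("line {line}: {name} -> {ip} [{kind}]".format(**item))
```

Entries reported as "redirect" are the ones to look at first; "blocked" entries are often placed there deliberately by blocking tools and are also cleared when the file is restored.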

#3 katiecalf

katiecalf
  • Topic Starter

  • Members
  • 84 posts

Posted 04 September 2005 - 03:58 PM

okay hope this is right
here is new hijackthis.log and the scan report
Katie

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:37:18 PM, 9/4/2005
+ Report-Checksum: 45643BBA

+ Scan result:

C:\cnr_setup.exe -> Spyware.eAcceleration : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.215:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.216:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Dell User\Application Data\Mozilla\Firefox\Profiles\yea9yara.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Counted : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Dell User\Application Data\Netscape\NSB\Profiles\mfeiale5.default\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Dell User\Local Settings\Temp\Cookies\dell user@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Dell User\Local Settings\Temp\Cookies\dell user@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Dell User\Local Settings\Temp\Cookies\dell user@e-2dj6wjlicnazidq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq322.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A7.tmp -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A8.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A9.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3AC.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B0.tmp -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B1.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B2.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B4.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B5.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B6.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B7.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B8.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3B9.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3BA.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3BB.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3BC.tmp -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3BD.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3BF.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C1.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C2.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C3.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C4.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63E.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63F.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq640.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq641.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq642.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq643.tmp -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq646.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq86.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq985.tmp -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq986.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq988.tmp -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98A.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98C.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98D.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98E.tmp -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq991.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq992.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq993.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq994.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq995.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq996.tmp -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99A.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99B.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99C.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99D.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99F.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A0.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE9.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\ssupload_setup.exe -> Spyware.eAcceleration : Cleaned with backup
C:\syssnap_install.exe -> Spyware.eAcceleration : Cleaned with backup
C:\vclnr_setup.exe -> Spyware.eAcceleration : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 3:50:14 PM, on 9/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9877
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_2
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Panda spyXposer - {EE657293-B4C4-4752-B035-DCBBC2D04008} - http://www.pandasoftware.com/products/spyx...r_principal.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998422461
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 katiecalf

Posted 04 September 2005 - 04:14 PM

forgot to ask if the problem was solved or if the 2 logs were for you to find a solution
so I tried the website and porn site still comes up :thumbsup: :flowers:

#5 g2i2r4

g2i2r4

    Malware remover


  • Members
  • 900 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:01:29 PM

Posted 04 September 2005 - 05:22 PM

If you cannot go to see the stable, we're not done yet :thumbsup:

Disable SpySweeper during this advice, it will keep us from cleaning up.
To disable SpySweeper Shields:

* Click Shields on the left.
* Click Internet Explorer and uncheck all items.
* Click Windows System and uncheck all items.
* Click Startup Programs and uncheck all items.
* Exit Spysweeper.


***

Please disable SpybotSD’s protection, as it may hinder the removal of the infection.

Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on Resident icon.
Uncheck Teatimer box and/or Uncheck Resident.
Close Spybot.

***

You may want to print or save these instructions locally before starting.

***

Please download and install these programs - don't run them yet!!

Please download and unzip About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box. Don't run it yet.


Download CWShredder.
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Download and install CleanUp! Here
Run the CleanUp! installer.
Don't use it yet.

***

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:
http://www.pchell.com/support/safemode.shtml

***

Run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

***

Please run About:Buster:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it’s done, press Close.
Reboot your computer into normal windows.

***

Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.


Life is what happens while you're making other plans

#6 katiecalf

Posted 05 September 2005 - 08:53 AM

Think I have a problem
I did all the above that you listed the only difference in what your directions gave except when I ran AboutBuster it did not ask me to allow it to shutdown explorer.exe it also did not ask about a 2nd pass
Now when I rebooted and went to the Panda software site and ran activescan it gets a 1/3 way through and it shuts itself down and shuts down the pandasoftware page where I accessed the scanner from

I thought it a fluke so did it a 2nd time and did it the 2nd time again
I did not change any of the setting back on spy sweeper I will set them and try again or any suggestions as to why it is not scanning
thanks
Katie

#7 katiecalf

Posted 05 September 2005 - 09:12 AM

okay just set the settings back on spysweeper then tried to do just local disk scan and did the same thing closed both scan progress window and website down
here is copy of log of hijackthis log that I just did after activescan shut itself down for 2nd time

Logfile of HijackThis v1.99.1
Scan saved at 9:04:52 AM, on 9/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Atiptaxx.exe
C:\Program Files\Apoint\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\I8kfanGUI\I8kfanGUI.exe
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9877
F3 - REG:win.ini: load=??? ?
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: JunoBar - {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - C:\Program Files\Juno\toolbar.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [EssSpkPhone] essspk.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [i8kfangui] C:\Program Files\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [SpeedswitchXP] C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_2
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Panda ActiveScan - {653D93AF-C741-4e5e-8C1B-59BA43F93E16} - http://www.pandasoftware.com/activescan (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Panda spyXposer - {EE657293-B4C4-4752-B035-DCBBC2D04008} - http://www.pandasoftware.com/products/spyx...r_principal.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1094998422461
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
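
After a fix pass like the one requested in this thread, the follow-up log can be compared with the earlier one to confirm that the checked entries are gone and to see what else changed. This is an added example, not part of the original thread or of HijackThis: the function names are hypothetical, and the sample text is a subset of lines copied from the 9/4 and 9/5 logs and from the fix list posted above.

```python
import re

# HijackThis entry lines have the form "<section code> - <detail>",
# e.g. "R1 - ...", "F2 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_hjt(text):
    """Return the entries of a HijackThis log as (section, detail) tuples.

    Header lines and the "Running processes" list carry no section code
    and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Compare two logs entry by entry, keeping each log's own order."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    b, a = set(before), set(after)
    return {
        "removed": [e for e in before if e not in a],
        "added": [e for e in after if e not in b],
        "persisted": [e for e in after if e in b],
    }


def still_present(fix_list_text, after_text):
    """Entries that were supposed to be fixed but still show up afterwards."""
    after = set(parse_hjt(after_text))
    return [e for e in parse_hjt(fix_list_text) if e in after]


# Subset of the log saved on 9/4/2005 (copied from this page).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 3:50:14 PM, on 9/4/2005

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9877
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

# Subset of the log saved on 9/5/2005 (copied from this page).
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 9:04:52 AM, on 9/5/2005

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9877
F3 - REG:win.ini: load=??? ?
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Two of the entries the helper asked to have checked and fixed.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
"""

if __name__ == "__main__":
    changes = diff_logs(LOG_BEFORE, LOG_AFTER)
    for kind in ("removed", "added", "persisted"):
        print(f"== {kind} ==")
        for section, detail in changes[kind]:
            print(f"{section:>3}  {detail}")
    leftovers = still_present(FIX_LIST, LOG_AFTER)
    print("fix list fully applied" if not leftovers else f"not fixed: {leftovers}")
```

The comparison is exact-string, so an entry whose value changed between scans shows up once under "removed" and once under "added".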

#8 katiecalf

Posted 05 September 2005 - 10:28 AM

I think it might be my avast virus stopping it as I uninstalled the activescan from my computer and went to reinstall the files when my avast came up with a warning
A Virus was found file name:
http://www.pandasoftware.com/activescan/as...\pskavs.DLL
Win32:CTX
Virus/Worm
VPS version:0536-0, 09/05/2005
so what should I do now?
oh and porn page still comes up
thanks
Katie

#9 g2i2r4

g2i2r4

    Malware remover



Posted 05 September 2005 - 03:37 PM

The 'virus' found is actually Panda Activescan. Avast probably thinks it is a virus because of the virus definitions in it.

Please disable SpySweeper and Avast. Try to rerun the advice (including Panda).


Let me know what happens.


Life is what happens while you're making other plans

#10 katiecalf

katiecalf
  • Topic Starter


Posted 05 September 2005 - 05:50 PM

just shut down avast and spysweeper ran activescan and it shut itself down again and shut down the panda webpage also leaving just this web page running. When I ran the scan I had nothing else running in the background.
Katie
well also for the heck of it tried to run the panda spyexposer from the web and was reading email in the background the spyexposer did the same thing closed down its window closed down the panda website but this time also shut down this website as well
seems my computer doesn't like the panda software.

Edited by katiecalf, 05 September 2005 - 06:01 PM.


#11 g2i2r4

g2i2r4

    Malware remover



Posted 06 September 2005 - 01:01 AM

Let's see if this scanner will work.

Please go to the TrendMicro website HERE
  • Click Check my PC now
  • On the next page it will verify that Trendmicro scan can be run.
  • There should be 4 green checkmarks, if any of them stay a red X please let me know which one(s)
  • Read the agreement, then click continue with Next Step
  • Wait for the scanner to load, if you get a security warning about the Trend-Micro applet, click YES
  • It will install "Core-Packages", then please run a full system scan - let me know how many infected items it found and if any of them couldn't be cleaned/deleted and the name/location




#12 katiecalf

katiecalf
  • Topic Starter


Posted 06 September 2005 - 08:35 AM

ran housecall full system scan and came back with no infected
soooooooo I opened a new browser page and typed in the address of
http://64.83.175.115/ and YES!!! the stall page came up!!!!
closed that page and opened a new browser window and typed in the http://www.wdstar.com in and YES!! the stall page came up
have no idea how or why as last night the porn page was still coming up but it is working!!
What in the world caused this and what should I do in future to prevent it
also it happened on my desktop also but haven't tried that yet should I just go through the steps you have already given me to get it running on that computer? I am not so concerned as to the page but the hijacker that is causing it.
I have avast and spysweeper running on the other machine and now have put avast on this machine instead of nortons and also have spysweeper running
thanks so much for helping me
I had posted on other tech boards and you were only one to help
I will make a donation at bottom of your thread. I don't have a lot but want to give you something
Katie
okay just tried the other computer with same problem and it came up fine??
can you explain that for me.

thanks

Edited by katiecalf, 06 September 2005 - 09:25 AM.


#13 g2i2r4

g2i2r4

    Malware remover



Posted 06 September 2005 - 09:14 AM

Katie I'm so happy for you!

You know what? I'll post you some tips for the future to keep the computer as clean as possible. As to your other computer, please don't do that on your own. Just post a HijackThis log and send me the link. We'll clean up that one too.

And your donation will be very welcome. Anything you can give is greatly appreciated.
:thumbsup:



#14 katiecalf

katiecalf
  • Topic Starter


Posted 06 September 2005 - 09:29 AM

just edited my post and didn't see you had replied already
I tried it on the other machine and the web page came up fine
NOW I am totally confused
if you can explain that would be great or not is okay too LOL
just so happy you conquered it for me
thanks again
katie

#15 g2i2r4

g2i2r4

    Malware remover



Posted 07 September 2005 - 05:11 PM

Don't be confused. My guess is your computer caused the problem on the other machine. Now that your computer is clean, so is the other one.

Shall I post you some tips for the future then and close the topic?





