Hjt Log Analysis Please


13 replies to this topic

#1 Rickshaw Driver


Posted 11 October 2005 - 04:45 PM

Thank you for taking the time to provide this help to those of us less savvy. I have run both Spybot and AdAware as per the instructions in the tutorials.

Logfile of HijackThis v1.99.1
Scan saved at 4:38:55 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\hpb2ksrv.exe
C:\WINDOWS\System32\hpbhksrv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WDC\SetIcon.exe
C:\windows\alexa.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: C:\WINDOWS\q156580734_disk.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\WINDOWS\q156580734_disk.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [IKL] C:\Program Files\IKL\IKL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Launch High Impact eMail 2.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 2.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: Sonexis ConferenceManager - http://conf.subway.com/Downloads/cmW32client.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp.com/awebui/jsp/answerw...SWebManager.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122328691000
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q3672125_disk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 bricat


Posted 16 October 2005 - 12:29 PM

Welcome to the BLEEPING COMPUTER forum.

Please download LQfix.exe from one of the following locations:
  • http://www.downloads.subratam.org/LQfix.exe
    http://miekiemoes.geekstogo.com/tools/LQfix.exe

  • Save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • You need an active Internet Connection, so make sure you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Download CWSInstall.exe.
Click Fix, don't just scan. Let it fix everything it asks about.


Then do a scan with HiJackThis and post a new log by using Add Reply.

#3 Rickshaw Driver


Posted 16 October 2005 - 08:42 PM

Thank you for your help. I have done as you instructed and here is the new log:

Logfile of HijackThis v1.99.1
Scan saved at 8:40:17 PM, on 10/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\hpb2ksrv.exe
C:\WINDOWS\System32\hpbhksrv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WDC\SetIcon.exe
C:\windows\alexa.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B212D577-05B7-4963-911E-4A8588160DFA} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [IKL] C:\Program Files\IKL\IKL.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Launch High Impact eMail 2.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 2.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: Sonexis ConferenceManager - http://conf.subway.com/Downloads/cmW32client.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp.com/awebui/jsp/answerw...SWebManager.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122328691000
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q3672125_disk.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Adptpsco - Adobe Sytems - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
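
Added example, not part of the original thread: a small Python parser for HijackThis entry lines that diffs the 11 October and 16 October scans to show which entries disappeared, appeared, or changed between them. The sample lines are copied from the two logs above; the function names and the rule used to pair entries across scans (CLSID for O2/O16, value name for O4, service name for O23) are assumptions of this example.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# A HijackThis entry line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ..."
ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"^([^:]+): \[([^\]]+)\]")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Subset of the 11 October scan (first post), copied from the thread.
SCAN_BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: C:\WINDOWS\q156580734_disk.dll - {B212D577-05B7-4963-911E-4A8588160DFA} - C:\WINDOWS\q156580734_disk.dll
O4 - HKLM\..\Run: [IKL] C:\Program Files\IKL\IKL.exe
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O15 - Trusted Zone: *.coolwebsearch.com
O20 - Winlogon Notify: style32 - C:\WINDOWS\q3672125_disk.dll
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
"""

# Subset of the 16 October scan (third post), copied from the thread.
SCAN_AFTER = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: (no name) - {B212D577-05B7-4963-911E-4A8588160DFA} - (no file)
O4 - HKLM\..\Run: [IKL] C:\Program Files\IKL\IKL.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O15 - Trusted Zone: *.coolwebsearch.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\q3672125_disk.dll
O23 - Service: Adptpsco - Adobe Sytems - (no file)
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
"""


def parse_log(text):
    """Return the entry lines of a log, skipping the header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def identity(entry):
    """Key that stays stable when only the file path of an entry changes."""
    if entry.code in ("O2", "O16"):
        m = CLSID_RE.search(entry.body)
        if m:
            return (entry.code, m.group(0).upper())
    if entry.code == "O4":
        m = RUN_RE.match(entry.body)
        if m:
            return (entry.code, m.group(1), m.group(2))
    if entry.code == "O23":
        return (entry.code, entry.body.split(" - ")[0])
    return (entry.code, entry.body)


def diff_scans(before_text, after_text):
    """Pair entries by identity and report removed, added and changed ones."""
    before = {identity(e): e for e in parse_log(before_text)}
    after = {identity(e): e for e in parse_log(after_text)}
    return {
        "removed": [e for k, e in before.items() if k not in after],
        "added": [e for k, e in after.items() if k not in before],
        "changed": [(e, after[k]) for k, e in before.items()
                    if k in after and after[k].body != e.body],
    }


def orphaned(entries):
    """Entries whose target file HijackThis could not find on disk."""
    return [e for e in entries if e.body.endswith(ORPHAN_MARKERS)]


if __name__ == "__main__":
    result = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for e in result["removed"]:
        print("removed:", e.code, e.body)
    for e in result["added"]:
        print("added:  ", e.code, e.body)
    for old, new in result["changed"]:
        print("changed:", old.code, old.body, "=>", new.body)
    for e in orphaned(parse_log(SCAN_AFTER)):
        print("orphan: ", e.code, e.body)
```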

#4 bricat


Posted 18 October 2005 - 05:44 AM

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Then :-

Rerun HJT, and put a checkmark beside these :-


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O2 - BHO: (no name) - {11111111-2222-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\netdde.dll
O2 - BHO: C:\WINDOWS\adsldpbc.dll - {405132A4-5DD1-4BA8-A181-95C8D435093A} - C:\WINDOWS\adsldpbc.dll
O2 - BHO: (no name) - {B212D577-05B7-4963-911E-4A8588160DFA} - (no file)
O4 - HKLM\..\Run: [IKL] C:\Program Files\IKL\IKL.exe
O4 - HKCU\..\Run: [alexa] c:\windows\alexa.exe
O4 - Startup: PowerReg Scheduler.exe
O15 - Trusted Zone: *.coolwebsearch.com
O15 - Trusted Zone: *.searchmeup.com
O16 - DPF: Sonexis ConferenceManager - http://conf.subway.com/Downloads/cmW32client.cab
O20 - Winlogon Notify: style32 - C:\WINDOWS\q3672125_disk.dll


now close all windows and browsers and click FIX CHECKED


Then boot up in SAFE MODE

Then navigate to and delete these files\folders in BOLD

C:\Program Files\IKL<----folder
c:\windows\alexa.exe



then reboot normally.


Could you please download DelDomains.zip to your desktop.

Right click the DelDomains.inf file and click Install, making sure Internet Explorer is closed. You won't see anything happen. Give it a minute to do its stuff.



Please download the trial version of Ewido Security Suite from here. Install it and update the program with the latest definitions. Setup the program following the instructions here and then close it without running a scan.

Reboot into Safe Mode

Then please run Ewido security suite, and perform a full system scan. Remove anything found.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

* Click Save report
* Save the report to your desktop.


then reboot normally, and post a new HJT log, and the scan log from Ewido.

#5 Rickshaw Driver


Posted 18 October 2005 - 11:39 AM

The only thing I was unable to find/remove was the folder for ILK. I even did a search for it and came up with nothing. Here are the logs you requested:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:58:42 AM, 10/18/2005
+ Report-Checksum: 1688E874

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\IncrediFind -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\KMiNT21 -> Spyware.DesktopSpyAgent : Cleaned with backup
HKU\S-1-5-21-2030945747-3011396925-2665863117-1007\Software\Alexa Internet -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-2030945747-3011396925-2665863117-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Cleaned with backup
[240] C:\WINDOWS\q3672125_disk.dll -> TrojanDownloader.Delf.h : Cleaned with backup
[772] C:\WINDOWS\q3672125_disk.dll -> TrojanDownloader.Delf.h : Error during cleaning
:mozilla.16:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.17:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.28:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.30:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.33:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.35:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.37:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.38:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.39:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.42:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.57:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.59:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.60:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.61:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.64:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.66:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.93:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.100:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.101:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.102:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.103:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.104:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.109:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.110:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.111:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.112:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.113:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.114:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.151:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.152:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.153:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.154:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.193:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.194:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.201:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.202:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.203:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.204:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.205:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.206:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.209:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.210:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.211:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.212:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.213:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.228:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.231:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.232:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.243:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.244:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.257:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.263:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.264:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.265:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.266:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.336:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
:mozilla.460:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.508:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.509:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.521:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.531:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.532:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.533:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.534:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.535:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.552:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.556:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.572:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.573:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.574:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.575:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.576:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.577:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.599:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.600:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.601:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.602:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.603:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.604:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.605:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.606:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.607:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.608:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.609:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.610:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.611:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.612:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.613:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.614:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.615:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.616:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.617:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.618:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.619:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.620:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.621:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.622:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.623:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.624:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.625:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.626:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.627:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.628:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.629:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.630:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.631:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.632:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.633:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.634:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.635:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.636:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.637:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.638:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.639:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.640:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.641:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.642:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.643:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.644:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.645:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.646:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.647:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.648:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.649:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.679:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.680:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.681:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.682:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.683:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.684:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.685:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.686:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.687:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.688:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.704:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.705:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.760:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.761:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.762:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.763:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.764:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.765:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.766:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.767:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.768:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.769:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.770:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.771:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.772:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.773:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.774:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.775:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.776:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.780:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Cqcounter : Cleaned with backup
:mozilla.791:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.792:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.793:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.794:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.795:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.822:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.830:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.831:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.832:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.852:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.874:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.875:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.876:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.877:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.878:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.883:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.884:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.885:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.886:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.887:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.896:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.897:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Firefox\Profiles\default.xrm\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.6:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.10:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.11:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.15:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.31:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.32:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.42:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Specificpop : Cleaned with backup
:mozilla.43:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Specificpop : Cleaned with backup
:mozilla.45:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.46:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.47:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.48:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.49:C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.9:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.10:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.11:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.17:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.19:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\MMI Multimedia\Application Data\Netscape\NSB\Profiles\d0exopsl.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@rotator.adjuggler[2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@specificpop[2].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@tfag[2].txt -> Spyware.Cookie.Tfag : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@www.burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkianajobpg2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Cookies\mmi multimedia@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\MMI Multimedia\Local Settings\Temp\uninstall.exe -> Spyware.EliteBar : Cleaned with backup
C:\HijackThis\backups\backup-20051018-082611-827.dll -> TrojanDownloader.Delf.lh : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP624\A0079360.exe -> Not-A-Virus.Monitor.Ardamax.23 : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP636\A0083152.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP639\A0084163.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP640\A0085164.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP644\A0085329.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP644\A0085330.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP661\A0086310.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086763.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086764.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086765.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086766.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086767.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086768.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086769.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086770.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086771.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086772.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086773.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086774.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086775.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086776.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086777.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086778.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086779.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086780.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086781.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086782.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086783.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086784.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086785.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086786.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086787.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086788.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086789.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086790.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086791.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086792.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086793.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086794.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086795.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086796.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP664\A0086797.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP699\A0103362.exe -> Spyware.404Search : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP702\A0123926.dll -> TrojanDownloader.Delf.h : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP705\A0124081.dll -> TrojanDownloader.Delf.lh : Cleaned with backup
C:\WINDOWS\q3672125_disk.dll -> TrojanDownloader.Delf.h : Cleaned with backup
C:\WINDOWS\SYSTEM32\checkIn.dll -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\in10b6s.dll -> TrojanDropper.Mudrop.m : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 11:37:40 AM, on 10/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\P

Edited by Rickshaw Driver, 18 October 2005 - 11:39 AM.


#6 bricat

Posted 19 October 2005 - 02:15 PM

Sorry for not replying sooner; for some reason I'm not getting email notifications :thumbsup:

Can you please post your HJT log again?

Edited by bricat, 19 October 2005 - 02:15 PM.


#7 Rickshaw Driver

  • Topic Starter

Posted 19 October 2005 - 02:19 PM

No problem at all, take your time. You are helping me, remember? :thumbsup: The forums were acting strange at the time of my reply so that may have something to do with it. Here is the log as it stands right now.

Logfile of HijackThis v1.99.1
Scan saved at 2:17:02 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\hpb2ksrv.exe
C:\WINDOWS\System32\hpbhksrv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WISPTIS.EXE
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Sunbird\sunbird.exe
C:\Program Files\Common Files\Real\Update_OB\realevent.exe
C:\HijackThis\HijackThis.exe

N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Launch High Impact eMail 2.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 2.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp.com/awebui/jsp/answerw...SWebManager.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122328691000
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2BFE36C-5A46-417B-AF42-7A1EE7402EA6}: NameServer = 24.28.99.62,24.28.99.63
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q3672125_disk.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#8 bricat

Posted 19 October 2005 - 02:24 PM

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files,


Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #4 to Merge Winlogon Notify Defaults. Press enter and wait a few moments.
Now select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, Notepad will open with a log. Copy the contents of that log and paste it back into this thread, along with a new HijackThis log.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!
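
The fix above targets the Winlogon Notify key, where the O20 line in the HijackThis log shows `style32` loading `C:\WINDOWS\q3672125_disk.dll`. As an added example (not part of the original thread and not l2mfix's own logic), this Python script parses a `.reg` export of that key, decodes `hex(2)` values, and flags subkeys that are missing from a baseline or that load a DLL from outside system32; the baseline table, directory list and function names are assumptions, and the sample export is constructed in the format `regedit` writes.

```python
import ntpath
import re

# Assumed baseline (subkey -> DLL) for this illustration; build your own
# from a known-clean machine of the same Windows version.
BASELINE = {
    "crypt32chain": "crypt32.dll", "cryptnet": "cryptnet.dll",
    "cscdll": "cscdll.dll", "sccertprop": "wlnotify.dll",
    "schedule": "wlnotify.dll", "sclgntfy": "sclgntfy.dll",
    "senslogn": "wlnotify.dll", "termsrv": "wlnotify.dll",
    "wlballoon": "wlnotify.dll", "wzcnotif": "wzcdlg.dll",
}
# Assumed directories a notification DLL may legitimately be loaded from.
SYSTEM_DIRS = {r"c:\windows\system32", r"%systemroot%\system32"}

KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion"
    r"\\Winlogon\\Notify\\([^\\\]]+)\]$", re.I)
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

# Constructed sample export: one hex(2) value, one plain string, and the
# style32 entry reported in this thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style32]
"DLLName"="C:\\WINDOWS\\q3672125_disk.dll"
"logon"="WACLEventLogon"
'''


def join_continuations(text):
    """Long hex values are wrapped with a trailing backslash; rejoin them."""
    return re.sub(r"\\\r?\n\s*", "", text)


def decode_value(raw):
    """Return the string form of a REG_SZ or hex(2) (REG_EXPAND_SZ) value."""
    raw = raw.strip()
    m = re.match(r"hex\(2\):(.*)$", raw, re.I)
    if m:
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return raw


def parse_notify(text):
    """Map each Notify subkey to the DLL it registers (value name is case-insensitive)."""
    entries, current = {}, None
    for line in join_continuations(text).splitlines():
        line = line.strip()
        if line.startswith("["):
            key = KEY_RE.match(line)
            current = key.group(1) if key else None
            continue
        val = VALUE_RE.match(line)
        if current and val and val.group(1).lower() == "dllname":
            entries[current] = decode_value(val.group(2))
    return entries


def assess(subkey, dll):
    """Return the reasons an entry deserves manual review (empty list if none)."""
    reasons = []
    norm = ntpath.normpath(dll).lower()
    expected = BASELINE.get(subkey.lower())
    if expected is None:
        reasons.append("subkey not in baseline")
    elif ntpath.basename(norm) != expected:
        reasons.append("baseline expects " + expected)
    directory = ntpath.dirname(norm)
    if directory and directory not in SYSTEM_DIRS:
        reasons.append("DLL loaded from outside system32")
    return reasons


def suspicious_notify_entries(text):
    """Return {subkey: (dll, reasons)} for every entry that fails a check."""
    findings = {}
    for subkey, dll in parse_notify(text).items():
        reasons = assess(subkey, dll)
        if reasons:
            findings[subkey] = (dll, reasons)
    return findings


if __name__ == "__main__":
    for name, (dll, why) in suspicious_notify_entries(SAMPLE_EXPORT).items():
        print(name, dll, "; ".join(why))
```

A flagged entry is a prompt for manual review, not a verdict: third-party software can register legitimate notification packages that are absent from any baseline.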

#9 Rickshaw Driver

  • Topic Starter

Posted 19 October 2005 - 03:26 PM

Setting Directory
C:\
C:\
System Rebooted!

Running From:
C:\

killing explorer and rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1964 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 2584 'rundll32.exe'

Scanning First Pass. Please Wait!

First Pass Completed

Second Pass Scanning

Second pass Completed!

Zipping up files for submission:
adding: clear.reg (188 bytes security) (deflated 2%)
adding: lo2.txt (188 bytes security) (deflated 49%)
adding: status.txt (188 bytes security) (deflated 65%)
adding: test.txt (188 bytes security) (stored 0%)
adding: test2.txt (188 bytes security) (stored 0%)
adding: test3.txt (188 bytes security) (stored 0%)
adding: test5.txt (188 bytes security) (stored 0%)

Restoring Registry Permissions:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!


Registry permissions set too:

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER


Restoring Sedebugprivilege:

Granting SeDebugPrivilege to Administrators ... successful

Restoring Windows Update Certificates.:


The following Is the Current Export of the Winlogon notify key:
****************************************************************************
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style32]
"DLLName"="C:\\WINDOWS\\q3672125_disk.dll"
"logoff"="WACLEventLogoff"
"lock"="WACLEventLock"
"logon"="WACLEventLogon"
"startup"="WACLEventStartup"
"shutdown"="WACLEventShutdown"
"startshell"="WACLEventStartShell"
"unlock"="WACLEventUnlock"
"startscreensaver"="WACLEventStartScreenSaver"
"stopscreensaver"="WACLEventStopScreenSaver"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000


The following are the files found:
****************************************************************************

Registry Entries that were Deleted:
Please verify that the listing looks ok.
If there was something deleted wrongly there are backups in the backreg folder.
****************************************************************************
REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
****************************************************************************
Desktop.ini Contents:
****************************************************************************
****************************************************************************


Logfile of HijackThis v1.99.1
Scan saved at 3:24:28 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\hpb2ksrv.exe
C:\WINDOWS\System32\hpbhksrv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis\HijackThis.exe

N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Launch High Impact eMail 2.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 2.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp.com/awebui/jsp/answerw...SWebManager.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122328691000
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2BFE36C-5A46-417B-AF42-7A1EE7402EA6}: NameServer = 24.28.99.62,24.28.99.63
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: style32 - C:\WINDOWS\q3672125_disk.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#10 bricat

Posted 19 October 2005 - 04:39 PM

Rerun HJT, and put a checkmark beside these:


O20 - Winlogon Notify: style32 - C:\WINDOWS\q3672125_disk.dll (file missing)

now close all windows and browsers and click FIX CHECKED



Then boot up in SAFE MODE

Then navigate to and delete these files\folders in BOLD


C:\WINDOWS\q3672125_disk.dll


then reboot and post a fresh Hijackthis log.
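
An added example, not part of the thread or of any tool used in it: a small Python parser for a Winlogon\Notify registry export like the one posted above. It decodes both quoted and hex(2) `DllName` values and flags notification DLLs registered with a path outside system32, as the `style32` entry is. The function names, the assumed `C:` system drive, and the path heuristic are assumptions for illustration.

```python
import ntpath
import re

# Sample input trimmed from the Winlogon\Notify export quoted in the thread.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\style32]
"DLLName"="C:\\WINDOWS\\q3672125_disk.dll"
"logon"="WACLEventLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logon"="TSEventLogon"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
'''

NOTIFY_RE = re.compile(r'\\Winlogon\\Notify\\([^\\\]]+)\]$', re.I)


def decode_value(raw):
    """Decode a .reg value: quoted REG_SZ or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    raw = raw.strip()
    if raw.startswith('"') and raw.endswith('"'):
        # .reg files escape backslashes and quotes inside quoted strings.
        return re.sub(r'\\(.)', r'\1', raw[1:-1])
    if raw.lower().startswith('hex(2):'):
        data = bytes(int(b, 16) for b in raw[7:].split(',') if b.strip())
        return data.decode('utf-16-le').rstrip('\x00')
    return raw


def parse_notify(export_text):
    """Return {subkey: dll} for every Winlogon Notify subkey in the export."""
    # Fold hex continuation lines (trailing backslash) into one logical line.
    joined = re.sub(r'\\\r?\n\s*', '', export_text)
    entries, current = {}, None
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith('['):
            match = NOTIFY_RE.search(line)
            current = match.group(1) if match else None
        elif current and '=' in line:
            name, _, raw = line.partition('=')
            if name.strip('"').lower() == 'dllname':  # value name case varies
                entries[current] = decode_value(raw)
    return entries


def triage(entries):
    """Heuristic (assumption): flag DLLs registered with a path outside system32.

    A bare file name resolves through the system search path; it still needs
    its own check (signature, vendor), which this sketch does not do.
    """
    expected = ('', r'c:\windows\system32', r'%systemroot%\system32')
    findings = {}
    for subkey, dll in entries.items():
        directory = ntpath.dirname(ntpath.normpath(dll)).lower()
        if directory not in expected:
            findings[subkey] = dll
    return findings


if __name__ == '__main__':
    for subkey, dll in triage(parse_notify(SAMPLE_EXPORT)).items():
        print(f'review Winlogon Notify entry {subkey!r}: {dll}')
```
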

#11 Rickshaw Driver

Posted 19 October 2005 - 05:02 PM

The .dll file was not there when I booted into safe mode. When I rebooted back to normal it was still not there.


Logfile of HijackThis v1.99.1
Scan saved at 5:01:41 PM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\hpb2ksrv.exe
C:\WINDOWS\System32\hpbhksrv.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Daily Weather Forecast\weather.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\WDC\SetIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HijackThis\HijackThis.exe

N4 - Mozilla: user_pref("browser.startup.homepage", "http://www.cnn.com/"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
N4 - Mozilla: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\MMI Multimedia\Application Data\Mozilla\Profiles\default\m6ararua.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Program Files\Daily Weather Forecast\weather.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SetIcon] \Program Files\WDC\SetIcon.exe
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Launch High Impact eMail 2.0 - {670F87A1-88B0-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra 'Tools' menuitem: Launch High Impact eMail 2.0 - {C4A67F75-88B2-11d4-9030-000021D9C559} - C:\Program Files\High Impact eMail\HIemail.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (WebProgramManager Class) - http://isupport4.hp.com/awebui/jsp/answerw...SWebManager.CAB
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1122328691000
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://webchat.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/beta_reg/soesysinfo.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2BFE36C-5A46-417B-AF42-7A1EE7402EA6}: NameServer = 24.28.99.62,24.28.99.63
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: HP Status - Hewlett-Packard Company - C:\WINDOWS\System32\hpb2ksrv.exe
O23 - Service: HP Status Print - Hewlett-Packard Company - C:\WINDOWS\System32\hpbhksrv.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect Helper - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by Rickshaw Driver, 19 October 2005 - 05:04 PM.


#12 bricat

Posted 19 October 2005 - 05:32 PM

that looks clean now. :thumbsup:

DISABLE SYSTEM RESTORE, run your anti virus, and when you get the all clear restart your system restore (same page). Then create a new restore point:

click START\ALL PROGRAMS\ACCESSORIES\SYSTEM TOOLS\SYSTEM RESTORE. click on "create new restore point"
click on NEXT and follow the prompts.


this is to ensure that if you have to do a system restore in the future that you don't get all the nasties reinstalled again.

Then :-

Download CCLEANER

then run the scan under the windows tab.



then DEFRAG your C:\ drive.

to help speed up your system.

then let us know how the computer is running.

#13 Rickshaw Driver

Posted 20 October 2005 - 09:19 AM

I have not had a chance to do these last steps yet this morning because I am on deadline, but I will do this in a couple of hours and let you know how it is running. I can't tell you the last time I didn't see the Norton pop up for Trojan.Stwole message pop up on my screen. How frustrating that it could see it but not fix it. I am so appreciative of your help.

#14 bricat

Posted 20 October 2005 - 10:12 AM

you're welcome. :thumbsup:



