Server4.103092804 And Ad.firstadsolution And Problem


9 replies to this topic

#1 Kambiz

Kambiz

  • Members
  • 21 posts

Posted 28 November 2005 - 01:33 AM

Hi, I am a new member and I have a problem with ad.firstadsolution and server4.103092804 and ... . I have already scanned my computer with HJT and the results are as below. I would appreciate it if you can help me to remove all spyware. I have used Spybot and Yahoo Antispyware; they couldn't remove these ads.

Many Thanks
Kambiz

Logfile of HijackThis v1.99.1
Scan saved at 1:23:52 AM, on 11/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Jconfig\jconfigdnt.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\WINDOWS\System32\ACCTRES3.exe
C:\WINDOWS\system32\BCMSM168.exe
C:\Program Files\Babylon\Babylon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O1 - Hosts: 64.12.152.18 search.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [4f59da9181b6] C:\WINDOWS\System32\ACCTRES3.exe
O4 - HKLM\..\Run: [cb4fcd3b71cb] C:\WINDOWS\system32\BCMSM168.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095739206323
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Jconfig\jconfigdnt.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



#2 Kambiz

Kambiz
  • Topic Starter

  • Members
  • 21 posts

Posted 29 November 2005 - 01:32 AM

Hi, I hope somebody can help me to fix my computer.

Thanks
Kambiz

#3 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 30 November 2005 - 12:16 PM

Hi and welcome to Bleeping Computer!!

My name is David.

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.

There is a bit to do on the log - I can almost guarantee ewido will remove something - it's also a good free tool to keep in your arsenal! :thumbsup:

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Post a new HJT log and the ewido log at the end! :flowers:
David

#4 Kambiz

Kambiz
  • Topic Starter

  • Members
  • 21 posts

Posted 02 December 2005 - 02:38 AM

Hi David,

Thank you very much for your reply and help. I did scan my computer with ewido; it found 271 infected files. Below is the report from ewido and HJT.

Many Thanks
Kambiz


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:24:01 AM, 12/2/2005
+ Report-Checksum: FE759F97

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1A00C40B-DA85-4aa3-A67F-582D9347EECD} -> Spyware.iSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{BC3BBF86-E4EC-4412-9676-8355468B3B05} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaLoads Enhanced -> Spyware.Downloadware : Cleaned with backup
HKU\S-1-5-21-284587905-2589800181-2619313026-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E} -> Spyware.Medialoads : Cleaned with backup
HKU\S-1-5-21-284587905-2589800181-2619313026-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000EF1-0786-4633-87C6-1AA7A44296DA} -> Spyware.FavoriteMan : Cleaned with backup
HKU\S-1-5-21-284587905-2589800181-2619313026-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A00C40B-DA85-4AA3-A67F-582D9347EECD} -> Spyware.iSearch : Cleaned with backup
HKU\S-1-5-21-284587905-2589800181-2619313026-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-284587905-2589800181-2619313026-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E7BD74F-2B8D-469E-A3EE-FB7FA682AA7D} -> Spyware.PowerSearch : Cleaned with backup
HKU\S-1-5-21-284587905-2589800181-2619313026-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85A702BA-EA8F-4B83-AA07-07A5186ACD7E} -> Spyware.Medialoads : Cleaned with backup
[556] C:\WINDOWS\System32\BDESac24.exe -> Downloader.3746.A : Cleaned with backup
[2352] C:\WINDOWS\System32\ACCTRES3.exe -> Spyware.IEDriver : Cleaned with backup
[2404] C:\WINDOWS\system32\BCMSM168.exe -> Spyware.UrlSpy : Cleaned with backup
[2416] C:\WINDOWS\system32\CDMODEM1.exe -> Spyware.UrlSpy : Cleaned with backup
[2648] C:\WINDOWS\system32\CDMODEM1.exe -> Spyware.UrlSpy : Error during cleaning
[3772] C:\WINDOWS\system32\CDMODEM1.exe -> Spyware.UrlSpy : Error during cleaning
[1324] C:\WINDOWS\System32\BDESac24.exe -> Downloader.3746.A : Error during cleaning
:mozilla.10:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.247realmedia : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Gator : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.258:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Paycounter : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.267:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.269:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Popupsponsor : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.277:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Pro-market : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.280:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.299:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.300:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.301:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.325:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.326:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.327:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.328:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Specificpop : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.355:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.356:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.357:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.387:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.654:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.655:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.656:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.657:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.658:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.659:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.660:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.661:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.662:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.663:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.664:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.666:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.667:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.668:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.669:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.670:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.671:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.672:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.673:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.674:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.681:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.682:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.683:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.684:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.685:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.686:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.687:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.698:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.704:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Sitestat : Cleaned with backup
:mozilla.719:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.720:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.721:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.725:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.746:C:\Documents and Settings\Reza\Application Data\Mozilla\Firefox\Profiles\8ceoa21y.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@-1shz2prbmdj6wvny-1sez2pra2dj6wfkoqoazweqa-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@-1shz2prbmdj6wvny-1sez2pra2dj6wjk4ckc5idpa-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@a-1shz2prbmdj6wvny-1sez2pra2dj6wjk4kgazakoq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@adbrite[1].txt -> Spyware.Cookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@ads.adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@entrepreneur.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@free.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@imgserv.adbutler[2].txt -> Spyware.Cookie.Adbutler : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@sales.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wfk4ejcpsgpqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkialcjolowmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkoaldzeeqaidj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4emdjecqqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4koazklow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4qndzwhpwydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkoejajcfoamdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkookcjkboawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyajczelqaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyulajiboqmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlicpczafoawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliogdjcdpq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjloakdpcgpwmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlocodpidoq2dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlygmcpggoqydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyupczobqa2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiukczagowmdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmycnazkfogidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyagdpaaqqsdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycmd5oeoasdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyqocjckpgudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Reza\Cookies\reza@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Reza\Local Settings\Temporary Internet Files\Content.IE5\EQUPX9SU\get_25165_Babylon.pro.5.0.4.r14.read.nfo_crack[1].htm -> Downloader.IstBar.u : Cleaned with backup
C:\Documents and Settings\Reza\Local Settings\Temporary Internet Files\Content.IE5\YLK36LS5\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/WINDOWS/NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/WINDOWS/NDNuninstall4_80.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/WINDOWS/NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/WINDOWS/NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/WINDOWS/NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/WINDOWS/NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/WINDOWS/NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/Program Files/newdotnet/uninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/Program Files/newdotnet/newdotnet6_98.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/Program Files/newdotnet/uninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/Program Files/newdotnet/newdotnet6_98.to_be_deleted -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20051104155844.zip/WINDOWS/system32/drivers/etc/hosts -> Trojan.Qhost.f : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq12.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq13.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq192.tmp -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq193.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq195.tmp -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq196.tmp -> Spyware.Cookie.Ad-flow : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq198.tmp -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq199.tmp -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19A.tmp -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19B.tmp -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19E.tmp -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19F.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A1.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A5.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A7.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A8.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A9.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1AA.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1AB.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1AF.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B1.tmp -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B2.tmp -> Spyware.Cookie.Dbbsrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B7.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B8.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B9.tmp -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1BB.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1BC.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1BD.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C1.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C2.tmp -> Spyware.Cookie.Hotlog : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C5.tmp -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C6.tmp -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C7.tmp -> Spyware.Cookie.Internetfuel : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1CC.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D0.tmp -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D2.tmp -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D3.tmp -> Spyware.Cookie.Popupsponsor : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D4.tmp -> Spyware.Cookie.Popupsponsor : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D6.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D7.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1DD.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1DE.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E0.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E1.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E4.tmp -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E5.tmp -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E6.tmp -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1E7.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1EB.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1EC.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1EE.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F2.tmp -> Spyware.Cookie.X10 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F3.tmp -> Spyware.Cookie.Xxxcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1F4.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C.tmp -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp\wsx.dll -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp\wsx.ocx -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq71.tmp\wsxsvc.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq81F.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp -> Spyware.Cookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq841.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq843.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq845.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq846.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq847.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq848.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq849.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> Spyware.Cookie.Gator : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq886.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq887.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1146\A0062355.dll -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062589.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062590.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062593.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062594.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062596.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062597.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062598.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062599.exe -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062600.dll -> Spyware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062601.exe -> Adware.NewDotNet : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062602.ocx -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062603.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1157\A0062606.dll -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1168\A0063268.exe -> Downloader.OneClickSearch.k : Cleaned with backup
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1174\A0064672.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\ACCTRES3.exe -> Spyware.IEDriver : Cleaned with backup
C:\WINDOWS\SYSTEM32\asferror.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\BCMSM168.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\BDESac24.exe -> Downloader.3746.A : Cleaned with backup
C:\WINDOWS\SYSTEM32\CDMODEM1.exe -> Spyware.UrlSpy : Cleaned with backup


::Report End





Logfile of HijackThis v1.99.1
Scan saved at 2:31:15 AM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Jconfig\jconfigdnt.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Babylon\Babylon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O1 - Hosts: 64.12.152.18 search.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095739206323
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Jconfig\jconfigdnt.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#5 -David-


Posted 02 December 2005 - 12:13 PM

Please do both of the following before we start if possible!:

1) Please print off these instructions - they will be needed later when internet access is not available.
2) Save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above.
At the moment you may feel like you are battling with your computer to keep it running smoothly, but doing the following things should most certainly help in getting it back to how it was.
_____________________

Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.
_____________________

With IE closed, run Hijack This again.
Put a checkmark on these entries and hit "fix checked":

O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
_____________________

Boot into Safe Mode

Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Common Files\updater\wupdater.exe
_____________________

Manually delete this folder:

C:\Program Files\Common Files\updater
_____________________

Please Navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder. (if you cannot delete some items it's fine!)
_____________________

Then go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.
_____________________

Finally go to Control Panel > Internet Options.
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.
_____________________

Empty the Recycle Bin.
_____________________

Reboot to normal mode and post a new HJT log
David
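
Added example, not part of David's post or of HijackThis itself: one way to check a follow-up HJT log against the earlier one, confirming that the entry marked for "fix checked" is gone and listing anything that appeared in between. The two sample logs are constructed from a few lines of the logs in this thread; the function names and the shortened "after" log are assumptions made for the illustration.

```python
import re

# Entry lines look like "O4 - Global Startup: updater.lnk = C:\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_hjt(text):
    """Return (processes, entries) from the text of a HijackThis log."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the entry section has started
            entries.append(f"{match.group(1)} - {match.group(2)}")
        elif in_processes:
            processes.append(line)
    return processes, entries


def key(line):
    """Compare case-insensitively (Windows paths) and ignore spacing changes."""
    return " ".join(line.split()).lower()


def diff_logs(before, after):
    """Report what disappeared and what appeared between two scans."""
    b_proc, b_ent = parse_hjt(before)
    a_proc, a_ent = parse_hjt(after)
    b_keys = {key(x) for x in b_proc + b_ent}
    a_keys = {key(x) for x in a_proc + a_ent}
    return {
        "removed": [x for x in b_proc + b_ent if key(x) not in a_keys],
        "added": [x for x in a_proc + a_ent if key(x) not in b_keys],
    }


def verify_fixes(before, after, fix_lines):
    """Status of each line the helper asked to fix."""
    b_keys = {key(x) for x in parse_hjt(before)[1]}
    a_keys = {key(x) for x in parse_hjt(after)[1]}
    status = {}
    for line in fix_lines:
        if key(line) in a_keys:
            status[line] = "still present"
        elif key(line) in b_keys:
            status[line] = "removed"
        else:
            status[line] = "not in earlier log"
    return status


# Constructed sample: a handful of lines taken from the 2:31 AM log above.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 2:31:15 AM, on 12/2/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Internet Explorer\iexplore.exe

O1 - Hosts: 64.12.152.18 search.netscape.com
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe
"""

# Constructed follow-up log (assumed outcome of the fix, for illustration).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 1:51:38 PM, on 12/2/2005

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe

O1 - Hosts: 64.12.152.18 search.netscape.com
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\PROGRAM FILES\Microsoft Office\Office10\OSA.EXE
"""

# The entry David asked to have fixed.
FIX = [r"O4 - Global Startup: updater.lnk = C:\Program Files\Common Files\updater\wupdater.exe"]

if __name__ == "__main__":
    print(verify_fixes(BEFORE, AFTER, FIX))
    print(diff_logs(BEFORE, AFTER))
```

A "removed" status only shows that the startup reference is gone from the log; whether the file it pointed to still exists on disk has to be checked separately.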

#6 Kambiz


Posted 02 December 2005 - 02:02 PM

Hi David,

I did all instructions, but by running KillBox.exe I didn't find C:\Program Files\Common Files\updater\wupdater.exe and there was not any updater folder in C:\Program Files\Common Files\updater. Anyway, I did all instructions and below is the new HJT log.

I feel good so far for deleting and killing spywares and...

Many Thanks
Kambiz





Logfile of HijackThis v1.99.1
Scan saved at 1:51:38 PM, on 12/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Jconfig\jconfigdnt.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\Program Files\Babylon\Babylon.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://education.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://verizon.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = 1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O1 - Hosts: 64.12.152.18 search.netscape.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Companion\Modules\messmod3\v4\yhexbmes.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1095739206323
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.com/download.yahoo.com/...ropper1_3us.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Inetd\inetd32.exe
O23 - Service: Hummingbird Jconfig Daemon (Jconfigd) - Hummingbird Ltd. - C:\WINDOWS\system32\Hummingbird\Connectivity\7.11\Jconfig\jconfigdnt.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#7 -David-

Posted 02 December 2005 - 02:04 PM

Clean Log!!
How's everything running?

#8 Kambiz

Posted 02 December 2005 - 03:10 PM

David, thank you very much for your help. My computer is running very well now.
I have a question: I have a problem with MS Word. When I click a Word file, it takes about 20 sec for the file to come up. I think this happened because my computer froze once. Do you have any idea about this problem?

Again, many thanks for cleaning my computer.

Sincerely
Kambiz

#9 -David-

Posted 02 December 2005 - 03:38 PM

Ok! Glad I was able to help you! :thumbsup:

The log is clean! :flowers:

Hmmm, I'm pretty sure it's not virus related. Why don't you post a new topic in another section of this forum? I can't really help you as I don't know the answer. I'm sure someone else on another part of the board will be able to!

If I have helped you, please consider making a donation using the "make a donation" button in my signature. My help is free, but please consider it to keep me fighting spyware for you and others! :trumpet: :inlove:

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

David

#10 JackTheVirusTerminator

Posted 28 December 2005 - 08:13 PM

Sorry, have made new post

Edited by JackTheVirusTerminator, 28 December 2005 - 08:15 PM.




