
Popups From Z404.com !


  • This topic is locked
26 replies to this topic

#1 happycooldude

Posted 06 March 2006 - 06:37 AM

I started getting popups when using Firefox/IE (www.z404.com, and a different website with yyy65.html as the webpage), which may be due to some spyware download. I've put all the sites in the hosts file to ignore the same. Please help me with a solution. My L2MFIX find log is below for your reference. Thanks in advance:

L2MFIX find log 010406
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\fp0u03d9e.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{4FEECAAA-91A9-623B-EDF5-90B53DF4B3DB}"=""

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{BDA77241-42F6-11d0-85E2-00AA001FE28C}"="LDVP Shell Extensions"
"{2B3453E4-49DF-11D3-8229-0080BE509050}"="GMail Drive"
"{2B3453E4-49DF-11D3-8229-0080BE509052}"="GMailFS Property Sheet"
"{2B3453E4-49DF-11D3-8229-0080BE509054}"="GMailFS Drop Handler"
"{2B3453E4-49DF-11D3-8229-0080BE509056}"="GMailFS Context Menu"
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}"="iTunes"
"{709C6E11-538F-4759-86AC-6ACB302AA0DE}"="Desktop Manager"
@=""
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{F2185E5D-720E-4956-90D9-75F6AC141575}"="Idea2 SidebarIconHandler Class"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{8F2357C8-6CFC-43E0-9EF2-7129F1DE6CAC}"="ERCUTIL Menu Extension"
"{DA8BB31D-C731-4A17-BF9F-6F2AE2D4CBBD}"="TaskbarX"
"{0F1F9ED0-95C6-485D-9E77-D2534D35B06D}"=""
"{5F695232-6CAA-4A73-9AE7-1B3CAA8C1B96}"=""
"{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A}"="PhoneBrowser"
"{C0C4375A-5B72-4efe-929D-3B848C3A1E91}"="Message View"
"{8FF88D21-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 Context Menu Shell Extension"
"{8FF88D25-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 DragDrop Shell Extension"
"{8FF88D27-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 Context Menu Shell Extension"
"{8FF88D23-7BD0-11D1-BFB7-00AA00262A11}"="WinAce Archiver 2.6 Property Sheet Shell Extension"
"{C81DCBCA-8AE2-41FC-9C39-78B160393210}"="RhinoShExt"

**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{0F1F9ED0-95C6-485D-9E77-D2534D35B06D}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F1F9ED0-95C6-485D-9E77-D2534D35B06D}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F1F9ED0-95C6-485D-9E77-D2534D35B06D}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{0F1F9ED0-95C6-485D-9E77-D2534D35B06D}\InprocServer32]
@="C:\\WINDOWS\\system32\\MAT2FW95.DLL"
"ThreadingModel"="Apartment"

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{5F695232-6CAA-4A73-9AE7-1B3CAA8C1B96}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5F695232-6CAA-4A73-9AE7-1B3CAA8C1B96}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5F695232-6CAA-4A73-9AE7-1B3CAA8C1B96}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\CLSID\{5F695232-6CAA-4A73-9AE7-1B3CAA8C1B96}\InprocServer32]
@="C:\\WINDOWS\\system32\\wbavideo.dll"
"ThreadingModel"="Apartment"

**********************************************************************************
Files Found are not all bad files:

C:\WINDOWS\SYSTEM32\
crmmdlg.dll Wed Jan 25 2006 1:16:58p ..S.R 234,755 229.25 K
e0200a~1.dll Mon Feb 20 2006 3:08:36a ..S.R 234,755 229.25 K
fp0u03~1.dll Tue Feb 28 2006 4:27:48p ..S.R 236,591 231.04 K
gdi32.dll Tue Jan 3 2006 4:08:04a A.... 260,608 254.50 K
gp20l3~1.dll Tue Jan 17 2006 11:13:56a ..S.R 236,690 231.14 K
jtn807~1.dll Fri Mar 3 2006 9:17:50a ..S.R 235,688 230.16 K
lv0s09~1.dll Wed Jan 25 2006 11:40:24a ..S.R 234,755 229.25 K
mat2fw95.dll Fri Mar 3 2006 9:38:40a ..S.R 236,591 231.04 K
mjcertui.dll Fri Jan 27 2006 8:32:02p ..S.R 234,755 229.25 K
mxg4dmod.dll Fri Dec 9 2005 1:18:14p ..S.R 234,755 229.25 K
sporder.dll Mon Mar 6 2006 11:18:02a A.... 8,464 8.27 K
wbhelp2.dll Fri Feb 17 2006 3:28:32p A.... 50,688 49.50 K
webclnt.dll Wed Jan 4 2006 9:07:34a A.... 64,000 62.50 K
wmp.dll Tue Dec 6 2005 6:02:16a A.... 5,533,696 5.28 M

14 items found: 14 files (9 H/S), 0 directories.
Total of file sizes: 8,036,791 bytes 7.66 M
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 9051-AB72

Directory of C:\WINDOWS\System32

03/03/2006 09:38 AM 236,591 MAT2FW95.DLL
03/03/2006 09:17 AM 235,688 jtn8075ue.dll
02/28/2006 04:27 PM 236,591 fp0u03d9e.dll
02/27/2006 03:20 PM 7,168 Thumbs.db
02/26/2006 03:00 AM <DIR> dllcache
02/20/2006 03:08 AM 234,755 e0200afmed2a0.dll
01/27/2006 08:32 PM 234,755 mjcertui.dll
01/25/2006 01:16 PM 234,755 crmmdlg.dll
01/25/2006 11:40 AM 234,755 lv0s09d7e.dll
01/17/2006 11:13 AM 236,690 gp20l3fm1.dll
12/09/2005 01:18 PM 234,755 mxg4dmod.dll
11/24/2005 03:10 PM 234,755 WFDRMdev.dll
11/24/2005 02:51 PM 235,129 wbavideo.dll
11/15/2005 03:34 PM 234,755 lt0027dmg.dll
11/12/2005 05:33 PM 234,272 ohecli.dll
11/12/2005 05:31 PM 234,272 iBsada.dll
11/12/2005 04:57 PM 236,269 ktrul7991.dll
11/12/2005 04:29 PM 234,272 psdgen.dll
11/12/2005 04:24 PM 234,272 sunike.dll
11/12/2005 03:42 PM 234,272 kpdpl1.dll
06/07/2005 01:53 PM <DIR> Microsoft
19 File(s) 4,238,771 bytes
2 Dir(s) 2,190,200,832 bytes free


#2 happycooldude


Posted 06 March 2006 - 06:48 AM

Please help me with the z404.com popups!! Below is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 5:10:16 PM, on 3/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spm\spmd.exe
C:\Pavan\bin\Alias\docs\Wrapper.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\Hummbird\inetd32.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Pavan\bin\Alias\docs\jre\bin\java.exe
D:\Software\SoftImage\XSI_3.5\Application\bin\ray3xsi3_5server.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Pavan\bin\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Pavan\bin\MSAntiSpyWare\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Pavan\bin\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
c:\progra~1\exceed.nt\exceed.exe
C:\Pavan\bin\ThunderBird\thunderbird.exe
C:\Pavan\bin\Yahoo\WidgetEngine\YahooWidgetEngine.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\PAVAN\BIN\FIREFOX\FIREFOX.EXE
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
D:\Software\WinAce\WinAce.exe
C:\DOCUME~1\pawan\LOCALS~1\Temp\~AceTemp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: My Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WINTASK] msmgrxp.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Pavan\bin\MSAntiSpyWare\gcasServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Pavan\bin\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunServices: [WINTASK] msmgrxp.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [PcSync] C:\Pavan\bin\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Exceed (XDMCP).lnk = C:\Program Files\Exceed.nt\Xsession.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Pavan\bin\ThunderBird\thunderbird.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Pavan\bin\Yahoo\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: &Clean Traces - C:\Pavan\bin\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Pavan\bin\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Pavan\bin\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Pavan\bin\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Pavan\bin\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Pavan\bin\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Pavan\bin\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Pavan\bin\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Pavan\bin\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Pavan\bin\sideBar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Pavan\bin\sideBar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Pavan\bin\sideBar\sbhelp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: GMAIL - {8C932710-ABCD-3586-DCAB-40E2D75B3737} - C:\Pavan\enjoy\bookmarks.html (file missing)
O9 - Extra 'Tools' menuitem: Gmail - {8C932710-ABCD-3586-DCAB-40E2D75B3737} - C:\Pavan\enjoy\bookmarks.html (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Pavan\bin\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Pavan\bin\Hello\PicasaCapture.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Pavan\bin\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Pavan\bin\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Hijacked Internet access by New.Net
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118137244546
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp0u03d9e.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\bijhfiae.dll (file missing)
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Pavan\bin\Alias\docs\Wrapper.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGVsbA\command.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\System32\Hummbird\inetd32.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Ray3xsi3_5 Server (Ray3xsi3_5Server) - Unknown owner - D:\Software\SoftImage\XSI_3.5\Application\bin\ray3xsi3_5server.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH & Co. KG - C:\WINDOWS\System32\spm\spmd.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#3 Rawe


Posted 06 March 2006 - 09:06 AM

Hello and welcome, let's get started :thumbsup:

First, please download LSPfix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet Access after removing NewDotNet.

To get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4; NewDotNet Removal Procedure 4.

After the uninstallation, remember to delete this folder: C:\Program Files\NewDotNet\ (Or might be named New.Net)

Empty recycle bin.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. You will see 2 panels. If there is any file listed in the "Remove" panel on the right-side, leave it as is and just click "Finish>>" then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove Panel", do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.

==

Please download delcmdservice (by Marckie), and save it to your Desktop.
  • Unzip the content to your Desktop (a folder named delcmdservice)
  • Double-click on the delcmdservice folder
  • Double-click on delreg.bat to launch the tool
  • When the tool has finished, please reboot your computer.
==

Post back with a fresh HijackThis log :flowers:
Hi there, stranger!
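
Added example, not from the thread or from any tool named in it: Python that parses HijackThis result lines into section codes and flags the two items the reply above acts on, the New.Net entries (including the O10 Winsock LSP line, which is why LSPfix is kept on hand before the uninstall) and the cmdService entry whose file is missing. The function names and check labels are assumptions; the sample lines are copied from the log in post #2.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log in post #2 above (a subset, not the full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:10:16 PM, on 3/6/2006

Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O10 - Hijacked Internet access by New.Net
O20 - Winlogon Notify: RunServices - C:\WINDOWS\system32\fp0u03d9e.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGVsbA\command.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# A result line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
# Header lines and the running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Hypothetical check labels, limited to what the reply in post #3 deals with.
CHECKS = [
    ("New.Net component",
     lambda code, body: re.search(r"new\.net|newdot", body, re.I) is not None),
    ("Winsock LSP chain modified (O10)",
     lambda code, body: code == "O10"),
    ("service binary missing on disk",
     lambda code, body: code == "O23" and body.endswith("(file missing)")),
]


def parse_entries(log_text):
    """Return a list of (section_code, body) tuples for every result line."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def section_counts(entries):
    """Count entries per HijackThis section code (O4, O10, O23, ...)."""
    return dict(Counter(code for code, _ in entries))


def triage(entries):
    """Return the entries that match at least one check, with the reasons."""
    findings = []
    for code, body in entries:
        reasons = [label for label, test in CHECKS if test(code, body)]
        if reasons:
            findings.append({"code": code, "body": body, "reasons": reasons})
    return findings


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print(section_counts(parsed))
    for item in triage(parsed):
        print(f'{item["code"]:>3}  {"; ".join(item["reasons"])}')
        print(f'     {item["body"]}')
```

An O10 finding is the reason to have LSPfix downloaded before uninstalling: removing the component can leave the Winsock chain broken, which is the loss of Internet access the reply describes.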

#4 happycooldude


Posted 06 March 2006 - 11:11 AM

Hi Rawe .. and thanks for the speedy reply !! :thumbsup:

I followed the instructions you said:

1. Removed the New.Net Applications or New.Net Domain stuff.
2. Deleted the folder: C:\Program Files\NewDotNet\.
3. Emptied recycle bin.
4. Downloaded delcmdservice.
5. Ran the delreg.bat file.
6. Rebooted.
7. Generated HijackThis log.

:flowers:

I still find the popups & I also can't access my background images. :huh:


Below is the log for HijackThis after the same:

Logfile of HijackThis v1.99.1
Scan saved at 9:28:33 PM, on 3/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spm\spmd.exe
C:\Pavan\bin\Alias\docs\Wrapper.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\Hummbird\inetd32.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Pavan\bin\Alias\docs\jre\bin\java.exe
D:\Software\SoftImage\XSI_3.5\Application\bin\ray3xsi3_5server.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Pavan\bin\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Pavan\bin\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Pavan\bin\ThunderBird\thunderbird.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Pavan\bin\Yahoo\WidgetEngine\YahooWidgetEngine.exe
c:\progra~1\exceed.nt\exceed.exe
C:\Pavan\bin\MSAntiSpyWare\gcasDtServ.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Dump\HijackThis.exe
C:\WINDOWS\system32\rundll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [WINTASK] msmgrxp.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Pavan\bin\MSAntiSpyWare\gcasServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Pavan\bin\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunServices: [WINTASK] msmgrxp.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [PcSync] C:\Pavan\bin\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Exceed (XDMCP).lnk = C:\Program Files\Exceed.nt\Xsession.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Pavan\bin\ThunderBird\thunderbird.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Pavan\bin\Yahoo\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: &Clean Traces - C:\Pavan\bin\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Pavan\bin\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Pavan\bin\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Pavan\bin\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Pavan\bin\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Pavan\bin\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Pavan\bin\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Pavan\bin\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Pavan\bin\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Pavan\bin\sideBar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Pavan\bin\sideBar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Pavan\bin\sideBar\sbhelp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: GMAIL - {8C932710-ABCD-3586-DCAB-40E2D75B3737} - C:\Pavan\enjoy\bookmarks.html (file missing)
O9 - Extra 'Tools' menuitem: Gmail - {8C932710-ABCD-3586-DCAB-40E2D75B3737} - C:\Pavan\enjoy\bookmarks.html (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Pavan\bin\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Pavan\bin\Hello\PicasaCapture.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Pavan\bin\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Pavan\bin\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118137244546
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\k8260ifse8260.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\bijhfiae.dll (file missing)
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Pavan\bin\Alias\docs\Wrapper.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\System32\Hummbird\inetd32.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: Ray3xsi3_5 Server (Ray3xsi3_5Server) - Unknown owner - D:\Software\SoftImage\XSI_3.5\Application\bin\ray3xsi3_5server.exe
O23 - Service: SPM License Server (spmd) - mental images GmbH & Co. KG - C:\WINDOWS\System32\spm\spmd.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
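
A triage pass over the HijackThis log above, as an added example that is not part of the original posts and not code from HijackThis itself. The sample lines are copied from that log; the four rules and their names are assumptions chosen for illustration (a shell value that starts something besides explorer.exe, a Run entry with no directory path, a Winlogon Notify DLL, and an entry whose target file is gone).

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section rule line")

# Subset of the HijackThis log posted above, embedded so the example runs offline.
SAMPLE_LOG = r'''
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [WINTASK] msmgrxp.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Pavan\bin\MSAntiSpyWare\gcasServ.exe"
O4 - HKLM\..\RunServices: [WINTASK] msmgrxp.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Pavan\bin\ThunderBird\thunderbird.exe
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\k8260ifse8260.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\bijhfiae.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
'''

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r'^([A-Z]\d{1,2}) - (.*)$')
# Registry Run-style autostart: captures the command after "[value name] "
RUN_RE = re.compile(r'^HK(?:LM|CU)\\\.\.\\[^:]+: \[[^\]]*\] (.+)$')
# Command begins with a drive path, a UNC path or an environment variable
HAS_DIR_RE = re.compile(r'^(?:[A-Za-z]:\\|\\\\|%)')
SHELL_RE = re.compile(r'\bShell=(.*)$', re.IGNORECASE)
MISSING_RE = re.compile(r'\((?:file missing|no file)\)\s*$')


def triage(log_text):
    """Return Finding tuples for lines that match the illustrative rules."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()

        if section == "F2":
            # The shell value should name explorer.exe and nothing else.
            shell = SHELL_RE.search(body)
            if shell and shell.group(1).strip().lower() != "explorer.exe":
                findings.append(Finding(section, "shell-extra-program", line))
        elif section == "O4":
            # A Run entry without a directory is resolved through the
            # search path, so the log does not say which file starts.
            run = RUN_RE.match(body)
            if run and not HAS_DIR_RE.match(run.group(1).lstrip('"')):
                findings.append(Finding(section, "run-no-path", line))
        elif section == "O20" and body.startswith("Winlogon Notify:"):
            # Notify DLLs are loaded by winlogon.exe; list each for review.
            findings.append(Finding(section, "winlogon-notify", line))

        if MISSING_RE.search(body):
            # Registry entry survives but its file does not: an orphan.
            findings.append(Finding(section, "target-missing", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.rule:<22}{f.line}")
```

A finding here means "look at this entry", not "delete it"; the rules say nothing about whether a fully pathed file is legitimate.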

#5 Rawe


Posted 06 March 2006 - 11:25 AM

Hi again, let's continue. :thumbsup:

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Windows\System32\msmgrxp.exe
    C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe


  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

==

After reboot:

Please create a folder on your desktop called Sysclean.

Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.

Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for windows to your desktop.

This file will be called lptXXX.zip (XXX represents the version number)

Unzip lptXXX.zip and you'll get a file lpt$vpn.XXX.

Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and double-click sysclean.com.
Check: "Automatically clean or delete detected files."
Click "Scan".
When the scan is finished, select: "View log".

Copy and paste this log in your next reply. :flowers:

#6 happycooldude


Posted 07 March 2006 - 02:11 AM

Hi Rawe,

Did the stuff as you asked me to do. Here is a brief:

1. Downloaded Killbox & ran it as specified.

C:\Windows\System32\msmgrxp.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe



2. Didn't receive any "PendingFileRenameOperations" prompt.

3. Restart.

4. Created Sysclean folder.

5. Downloaded the stuff - lptXXX.zip

6. Couldn't turn off the antivirus installed on my system, maybe some sysadmin stuff I've to look into. :thumbsup:

7. Ran sysclean.com

8. Ran Scan.

9. View log shows up stuff but can't select it. :flowers:

Will try to get you the info ASAP. But the popups still persist and I still can't access my background.

#7 happycooldude


Posted 07 March 2006 - 02:14 AM

Virus Scan Log :

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2006-03-06, 22:02:30, Auto-clean mode specified.
2006-03-06, 22:02:30, Running scanner "C:\Documents and Settings\pawan\Desktop\sysclean\TSC.BIN"...
2006-03-06, 22:02:44, Scanner "C:\Documents and Settings\pawan\Desktop\sysclean\TSC.BIN" has finished running.
2006-03-06, 22:02:44, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows XP(Build 2600: Service Pack 1)

Start time : Mon Mar 06 2006 22:02:32

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\pawan\Desktop\sysclean\tsc.ptn" (version 718) [success]

Complete time : Mon Mar 06 2006 22:02:44
Execute pattern count(2949), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-03-06, 22:39:55, Could not set file for reading on "C:\WINDOWS\Prefetch\YPAGER.EXE-31587640.pf": Access is denied.
2006-03-06, 22:39:55, Could not set file for reading on "C:\WINDOWS\Prefetch\YUPDATER.EXE-3946FDDF.pf": Access is denied.
2006-03-06, 22:42:17, An error occurred while scanning file "C:\WINDOWS\SoftwareDistribution\EventCache\{CD948120-2B8F-4B3E-BD69-16200C84501D}.bin": Access is denied.
2006-03-06, 22:42:56, An error occurred while scanning file "C:\WINDOWS\system32\dn0401dqe.dll": Access is denied.
2006-03-06, 22:43:55, An error occurred while scanning file "C:\WINDOWS\system32\m0ju0a19ed.dll": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2006-03-06, 22:45:17, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2006-03-06, 22:47:30, Could not set file for reading on "C:\WINDOWS\Temp\hsperfdata_SYSTEM\1832": Access is denied.
2006-03-06, 22:47:33, Running scanner "C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN"...
2006-03-06, 23:23:17, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2006 22:47:34
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 249 (118554 Patterns) (2006/03/05) (324900)
Command Line: C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\pawan\Desktop\sysclean

90501 files have been read.
90501 files have been checked.
65219 files have been scanned.
194864 files have been scanned. (including files in archived)
4 files containing viruses.
Found 9 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2006 23:23:17
---------*---------*---------*---------*---------*---------*---------*---------*
2006-03-06, 23:23:17, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2006 22:47:34
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 249 (118554 Patterns) (2006/03/05) (324900)
Command Line: C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\pawan\Desktop\sysclean

Success Clean [ JAVA_BYTEVER.S]( 1) from C:\Documents and Settings\pawan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-bae16f0-6cb2e3da.zip,(NewURLClassLoader.class)
Success Clean [ JAVA_BYTEVER.R]( 1) from C:\Documents and Settings\pawan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-5166ddaa.zip,(javainstaller\InstallerApplet.class)
Success Clean [ JAVA_BYTEVER.R]( 1) from C:\Documents and Settings\pawan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-61ec1b50.zip,(javainstaller\InstallerApplet.class)
Success Clean [ JAVA_BYTEVER.A]( 1) from C:\Documents and Settings\pawan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv661.jar-897c2ff-7b64bf2d.zip,(Parser.class)
90501 files have been read.
90501 files have been checked.
65219 files have been scanned.
194864 files have been scanned. (including files in archived)
4 files containing viruses.
Found 9 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2006 23:23:17 35 minutes 42 seconds (2141.39 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-03-06, 23:23:17, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2006 22:47:34
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 249 (118554 Patterns) (2006/03/05) (324900)
Command Line: C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\pawan\Desktop\sysclean

90501 files have been read.
90501 files have been checked.
65219 files have been scanned.
194864 files have been scanned. (including files in archived)
4 files containing viruses.
Found 9 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2006 23:23:17 35 minutes 42 seconds (2141.39 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-03-06, 23:23:17, Scanner "C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN" has finished running.
2006-03-06, 23:27:46, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2006-03-06, 23:28:38, Running scanner "C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN"...
2006-03-06, 23:34:32, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2006 23:28:41
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 249 (118554 Patterns) (2006/03/05) (324900)
Command Line: C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\pawan\Desktop\sysclean

15506 files have been read.
15506 files have been checked.
10516 files have been scanned.
13534 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2006 23:34:32
---------*---------*---------*---------*---------*---------*---------*---------*
2006-03-06, 23:34:32, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2006 23:28:41
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 249 (118554 Patterns) (2006/03/05) (324900)
Command Line: C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\pawan\Desktop\sysclean

15506 files have been read.
15506 files have been checked.
10516 files have been scanned.
13534 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2006 23:34:32 5 minutes 47 seconds (347.06 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-03-06, 23:34:32, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 3/6/2006 23:28:41
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 249 (118554 Patterns) (2006/03/05) (324900)
Command Line: C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\pawan\Desktop\sysclean

15506 files have been read.
15506 files have been checked.
10516 files have been scanned.
13534 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 3/6/2006 23:34:32 5 minutes 47 seconds (347.06 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-03-06, 23:34:32, Scanner "C:\Documents and Settings\pawan\Desktop\sysclean\VSCANTM.BIN" has finished running.

#8 Rawe

Posted 07 March 2006 - 08:44 AM

Hi again; let's continue with the fix. I know what is causing your popups, I'm merely trying to clean everything else up before going after that particular infection. :thumbsup: Have some patience with me here -- we'll get you cleaned up.

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Run a scan with HijackThis and check the following objects for removal if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [WINTASK] msmgrxp.exe
O4 - HKLM\..\RunServices: [WINTASK] msmgrxp.exe
O20 - Winlogon Notify: RunOnce - C:\WINDOWS\system32\k8260ifse8260.dll
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\bijhfiae.dll (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED.
==

Please run a scan with Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily. (Maybe Desktop)
  • Close Ewido Anti-Malware.
==

Now, reboot back into Normal mode, open the Report.txt file and copy & paste its content to this thread along with a fresh HijackThis log. :flowers:
Hi there, stranger!

#9 happycooldude

Posted 08 March 2006 - 04:13 AM

Hi Rawe,

1. Downloaded the trial version of Ewido Anti-malware.
2. Restarted in safe mode.
3. Ran a scan with HijackThis and checked the following objects for removal:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: (no name) - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - (no file)
O4 - HKLM\..\Run: [WINTASK] msmgrxp.exe
O4 - HKLM\..\RunServices: [WINTASK] msmgrxp.exe
O21 - SSODL: SysTray.Excn2 - {1722ECFF-4356-4f5b-B534-E67294FE75E9} - C:\WINDOWS\System32\bijhfiae.dll (file missing)


4. Ran HijackThis and hit FIX CHECKED.
5. Ran a scan with Ewido.
6. Rebooted.
7. Ran HijackThis for log.

Below is the ewido scan report:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:15:14 PM, 3/8/2006
+ Report-Checksum: 8CDBE1F7

+ Scan result:

[588] C:\WINDOWS\system32\mvjdbc10.dll -> Adware.Look2Me : Cleaned with backup
[644] C:\WINDOWS\system32\mtdmo.dll -> Adware.Look2Me : Error during cleaning
[716] C:\WINDOWS\system32\mtdmo.dll -> Adware.Look2Me : Error during cleaning
C:\!KillBox\ibm00001.exe -> Logger.Small.dg : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.21:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.22:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.44:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.45:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.46:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.50:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.51:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.53:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.55:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.63:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.64:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.66:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.67:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.68:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.71:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.72:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.74:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.76:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.79:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.81:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.82:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.83:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.84:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.85:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.93:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.94:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.95:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.96:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.99:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.102:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.103:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.104:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.105:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.106:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.127:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.128:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.129:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.130:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.131:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.132:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.133:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.134:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.135:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.136:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.138:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.139:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.140:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.141:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.142:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.143:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.144:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.145:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.146:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.147:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.148:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.149:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.150:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.151:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.152:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.153:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.154:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.156:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.157:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.158:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.159:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.160:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.161:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.162:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.163:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.164:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.266:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.267:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.268:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.269:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.279:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.280:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.281:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.282:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.283:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.284:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.285:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.286:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.291:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.292:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.295:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.296:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.297:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.298:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.299:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.300:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.301:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.302:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.303:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.304:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.305:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.306:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.309:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.310:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.311:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.318:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.324:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.329:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.330:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.331:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.333:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
:mozilla.335:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.336:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.337:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.338:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
:mozilla.339:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.340:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.341:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.342:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.343:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.344:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.345:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.346:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.347:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.352:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.353:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.354:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.355:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.357:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.358:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.359:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.360:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.361:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.362:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.379:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.391:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.404:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.405:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.406:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.407:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.415:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.416:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.436:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.437:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.438:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.439:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.440:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.444:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.445:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.447:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.462:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.463:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.477:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.503:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.513:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.525:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.528:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.529:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.530:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.531:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.533:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.565:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.571:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.572:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.573:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.582:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.612:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.631:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.656:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.657:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.678:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.679:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.690:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.691:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.692:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.737:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.771:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.772:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.773:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.774:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.803:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.833:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.834:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.835:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
:mozilla.856:C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@c4.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@cnetaustralia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@ehg-nokiafin.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@ehg-overseenet.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\pawan\Cookies\pawan@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\pawan\Local Settings\Temporary Internet Files\Content.IE5\L803PXWL\ysb_prompt[1].htm -> Downloader.IstBar.j : Cleaned with backup
C:\Pavan\bin\MSAntiSpyWare\Quarantine\B1B758E9-0B9B-45AF-8ABE-FF08D0\E2CE6876-8CB4-4DE7-9F9E-58EC4E -> Adware.CommAd : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\crmmdlg.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\cza.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\dn0001dme.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\e0200afmed2a0.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\gp20l3fm1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iBsada.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\jtn8075ue.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\kpdpl1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ktrul7991.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lt0027dmg.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\lv0s09d7e.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mjcertui.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mvjdbc10.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mxg4dmod.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ohecli.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\psdgen.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\r2p80c7uef.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\sunike.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\system.mcm -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\urnp.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\WFDRMdev.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\Temp\NNCLXA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup
C:\WINDOWS\ZGVsbA\asappsrv.dll -> Adware.CommAd : Cleaned with backup


::Report End

Below is the HijackThis log :

Logfile of HijackThis v1.99.1
Scan saved at 2:34:35 PM, on 3/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Pavan\bin\Alias\docs\Wrapper.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Software\ewido\ewidoctrl.exe
C:\Pavan\bin\Alias\docs\jre\bin\java.exe
D:\Software\ewido\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Hummbird\inetd32.exe
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe
C:\Pavan\bin\MSAntiSpyWare\gcasDtServ.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Pavan\bin\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Pavan\bin\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Pavan\bin\ThunderBird\thunderbird.exe
C:\Pavan\bin\Yahoo\WidgetEngine\YahooWidgetEngine.exe
C:\Pavan\bin\FireFox\firefox.exe
C:\Program Files\Exceed.nt\exceed.exe
D:\Dump\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Pavan\bin\MSAntiSpyWare\gcasServ.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Pavan\bin\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [PcSync] C:\Pavan\bin\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Exceed (XDMCP).lnk = C:\Program Files\Exceed.nt\Xsession.exe
O4 - Startup: Mozilla Thunderbird.lnk = C:\Pavan\bin\ThunderBird\thunderbird.exe
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Pavan\bin\Yahoo\WidgetEngine\YahooWidgetEngine.exe
O8 - Extra context menu item: &Clean Traces - C:\Pavan\bin\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Pavan\bin\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Pavan\bin\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Pavan\bin\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Pavan\bin\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Pavan\bin\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Pavan\bin\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Pavan\bin\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Pavan\bin\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://C:\Pavan\bin\sideBar\sbhelp.dll/menuhandler.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Pavan\bin\sideBar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Pavan\bin\sideBar\sbhelp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: GMAIL - {8C932710-ABCD-3586-DCAB-40E2D75B3737} - C:\Pavan\enjoy\bookmarks.html (file missing)
O9 - Extra 'Tools' menuitem: Gmail - {8C932710-ABCD-3586-DCAB-40E2D75B3737} - C:\Pavan\enjoy\bookmarks.html (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Pavan\bin\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Pavan\bin\Hello\PicasaCapture.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Pavan\bin\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Pavan\bin\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118137244546
O20 - Winlogon Notify: SearchGo - C:\WINDOWS\system32\wbavideo.dll (file missing)
O20 - Winlogon Notify: ShellScrap - C:\WINDOWS\system32\hrnq0555e.dll
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Pavan\bin\Alias\docs\Wrapper.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - D:\Software\ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Software\ewido\ewidoguard.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\System32\Hummbird\inetd32.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

#10 happycooldude

Posted 08 March 2006 - 04:30 AM

Sorry .. I should first thank you for the effort you've put in here ..
:thumbsup: I really feel you and your group are doing a great job !!
Thanks for the help !! :huh:

Hopefully I'll be outta these popups pretty soon !!
:flowers: :huh: :huh:

#11 happycooldude

Posted 10 March 2006 - 04:25 AM

Hi Rawe,

Did that "Thank You" note come too early?? :thumbsup:
No update for 2 days .. hope you aren't too
busy !! :flowers:

Still those popups ruining my day !! :huh:

#12 Cloutz

Cloutz

    The Malware Killa


  • Members
  • 150 posts
  • OFFLINE
  •  
  • Location:Montreal, Quebec
  • Local time:10:43 AM

Posted 10 March 2006 - 01:56 PM

Hi happycooldude,

Rawe has been having problems with his computer, so I'm stepping in for him. :thumbsup:

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message; click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer. Click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.

If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a fresh HijackThis log.
Thanks,
Nick


#13 happycooldude

Posted 11 March 2006 - 03:05 AM

Hi Nick,

Thanks for the update. Hope Rawe's PC is doing fine :thumbsup:

Below is the Look2Me-Destroyer log :

Will be back with the other stuff right away !!

Look2Me-Destroyer V1.0.7

Scanning for infected files.....
Scan started at 3/11/2006 12:59:16 PM


Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RunServices

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{0F1F9ED0-95C6-485D-9E77-D2534D35B06D}"
HKCR\Clsid\{0F1F9ED0-95C6-485D-9E77-D2534D35B06D}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{5F695232-6CAA-4A73-9AE7-1B3CAA8C1B96}"
HKCR\Clsid\{5F695232-6CAA-4A73-9AE7-1B3CAA8C1B96}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

#14 happycooldude


Posted 11 March 2006 - 04:22 AM

Hi Nick,


Below is the HijackThis log file and next follows
the scan report from Panda's ActiveScan.

Very happy to inform that I no longer see the
popups :thumbsup: . It has been only a few minutes
without them and I miss them sooo much :flowers: :huh:

I thank you and your team again here for the
effort put in. But I still can't access my background.
Hope you also have a solution for that .. I think you
do :huh: !!


HijackThis Log :

Logfile of HijackThis v1.99.1
Scan saved at 2:38:07 PM, on 3/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
D:\Software\ewido\ewidoctrl.exe
D:\Software\ewido\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\Hummbird\inetd32.exe
C:\WINDOWS\system32\CBA\pds.exe
D:\Software\Maya 7\docs\wrapper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Pavan\bin\MSAntiSpyWare\gcasDtServ.exe
D:\Software\Maya 7\docs\jre\bin\java.exe
C:\Pavan\bin\FireFox\firefox.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Windows Media Player\wmplayer.exe
D:\Dump\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Pavan\bin\MSAntiSpyWare\gcasServ.exe"
O8 - Extra context menu item: &Clean Traces - C:\Pavan\bin\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Pavan\bin\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Pavan\bin\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Pavan\bin\FlashGet\jc_all.htm
O8 - Extra context menu item: Download all by Net Transport - C:\Pavan\bin\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Pavan\bin\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Download using FlashGet - C:\Pavan\bin\FlashGet\jc_link.htm
O8 - Extra context menu item: Download with GetRight - C:\Pavan\bin\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Pavan\bin\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: GMAIL - {8C932710-ABCD-3586-DCAB-40E2D75B3737} - C:\Pavan\enjoy\bookmarks.html (file missing)
O9 - Extra 'Tools' menuitem: Gmail - {8C932710-ABCD-3586-DCAB-40E2D75B3737} - C:\Pavan\enjoy\bookmarks.html (file missing)
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Pavan\bin\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Pavan\bin\Hello\PicasaCapture.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Pavan\bin\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Pavan\bin\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/Activ...ldsDownload.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1118137244546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: SearchGo - C:\WINDOWS\system32\wbavideo.dll (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - D:\Software\ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Software\ewido\ewidoguard.exe
O23 - Service: Hummingbird Inetd (HCLInetd) - Hummingbird Communications Ltd. - C:\WINDOWS\System32\Hummbird\inetd32.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Maya 7.0 Documentation Server (maya70docserver) - Unknown owner - D:\Software\Maya 7\docs\wrapper.exe" -s "D:\Software\Maya 7\docs\Wrapper.conf (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Panda ActiveScan Report :

Incident Status Location

Adware:adware/spysheriff Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH
Adware:adware/dollarrevenue Not disinfected Windows Registry
Potentially unwanted tool:application/mywebsearch Not disinfected HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}
Adware:adware/ist.sidefind Not disinfected Windows Registry
Dialer:dialer.bqw Not disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\CONC
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@0[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@belnk[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@dist.belnk[2].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@mysearch[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.advertising.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.revenue.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.z1.adserver.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.com.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.888.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.xiti.com/]
Spyware:Cookie/go Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.go.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.google.com.br/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[.tickle.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\pawan\Application Data\Mozilla\Firefox\Profiles\5clklx17.default\cookies.txt[]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\pawan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-22e43687.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar Not disinfected C:\Documents and Settings\pawan\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5aa0b436-4436ff74.zip[InstallerApplet.class]
Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@0[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@belnk[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@desktop.kazaa[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@dist.belnk[2].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\pawan\Cookies\pawan@mysearch[2].txt
Virus:Trj/Qhost.Y Disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20051114121425.zip[hosts]
Virus:Trj/Qhost.Y Disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\20051114121433.zip[hosts]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp
Spyware:Cookie/2o7.net Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49B.tmp
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49C.tmp
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49D.tmp
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49E.tmp
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49F.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A1.tmp
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A2.tmp
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A3.tmp
Spyware:Cookie/onestat.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A4.tmp
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A5.tmp
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A6.tmp
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A7.tmp
Spyware:Cookie/Versiontracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAE9.tmp
Adware:Adware/AzeSearch Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF5.tmp
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB.tmp
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB23.tmp
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB24.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB25.tmp
Spyware:Cookie/Clicktracks Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB28.tmp
Spyware:Cookie/Com.com Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB29.tmp
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2B.tmp
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2C.tmp
Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2D.tmp
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected D:\Dump\CD8\l2mfix.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\Dump\l2mfix\Process.exe

#15 Cloutz


Posted 11 March 2006 - 10:43 AM

Hi again,

Go to Start->Run and type in regedit and hit OK. Go to File->Export and save the registry somewhere as a backup.
Copy everything inside the quote box below (starting with REGEDIT4). Paste it into Notepad. Go up to "File > Save As", then click the drop-down box to change the "Save As Type" to "All Files". Save it as fix.reg on your desktop. *Make sure there is NO blank line above REGEDIT4

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH]

[-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]

[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\CONC]


Double-click fix.reg on your desktop. When asked if you want to merge with the registry click YES.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

thank you and your team again here for the
effort put in. But I still can't access my background.
Hope you also have a solution for that .. I think you
do !!!


What exactly do you mean by "can't access my background"?
Do you mean you can't change it?

Thanks,
Nick
BleepingComputer
Did I help? Please consider a small donation via paypal. Thank You.

Ad-Aware SE|CWShredder|Spybot S&D|Ewido Security Suite|HijackThis 1.99.1

Please don't PM me asking for help. The forums are there for a reason.

Cloutz© 2006
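
A pre-merge check for the fix.reg described in the post above, as an added example that is not part of the original thread or of any tool named in it: it parses the file, confirms the header sits on the first line, and reports any deletion that does not match a registry location from the ActiveScan report. The function names, the depth threshold and the BAD_REG sample are assumptions made for this example.

```python
import re

# Headers regedit accepts; both forms appear in this thread.
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
# "[-KEY]" deletes a key and everything under it, "[KEY]" creates or opens it.
SECTION = re.compile(r"^\[(-?)(HKEY_[A-Z_]+(?:\\[^\]]*)?)\]$")

# fix.reg exactly as given in the post.
FIX_REG = r"""REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH]

[-HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}]

[-HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\CONC]
"""

# The registry keys named in the Location column of the ActiveScan report.
SCAN_LOCATIONS = [
    r"HKEY_LOCAL_MACHINE\SOFTWARE\MYSEARCH",
    r"HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}",
    r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\CONC",
]

# Constructed counter-example: blank line above the header, a deletion that is
# far too broad, and a write that a cleanup file should not contain.
BAD_REG = r"""
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE]

[HKEY_CURRENT_USER\Software\Example]
"Flag"=dword:00000001
"""


def parse_reg(text):
    """Return (problems, deletions, writes) for the text of a .reg file."""
    problems, deletions, writes = [], [], []
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        problems.append("first line is not a .reg header")
    current = None  # key that following value lines belong to
    for number, raw in enumerate(lines[1:], start=2):
        line = raw.strip()
        if not line or line.startswith(";") or line in HEADERS:
            continue  # blank, comment, or a misplaced header already reported
        match = SECTION.match(line)
        if match:
            key = match.group(2).rstrip("\\")
            if match.group(1):
                deletions.append(key)
                current = None
            else:
                current = key
                writes.append((key, "(key created or opened)"))
            continue
        if current and "=" in line:
            writes.append((current, line))
        else:
            problems.append(f"line {number}: not understood: {line!r}")
    return problems, deletions, writes


def review(text, expected_keys, min_depth=3):
    """List reasons not to merge the file; an empty list means none found."""
    problems, deletions, writes = parse_reg(text)
    findings = list(problems)
    expected = {key.upper() for key in expected_keys}
    for key in deletions:
        depth = len(key.split("\\"))
        if depth < min_depth:
            findings.append(f"deletes a broad key ({depth} levels): {key}")
        if key.upper() not in expected:
            findings.append(f"deletes a key the scan did not report: {key}")
    for key, line in writes:
        findings.append(f"writes to the registry, deletions expected: {key} {line}")
    return findings


if __name__ == "__main__":
    for name, text in (("fix.reg", FIX_REG), ("bad sample", BAD_REG)):
        findings = review(text, SCAN_LOCATIONS)
        print(name, "->", "no findings" if not findings else "")
        for finding in findings:
            print("   ", finding)
```
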



