Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I-worm/delf.cl Inet20004\alg.exe Keeps Reinstalling Itself


  • This topic is locked This topic is locked
19 replies to this topic

#1 bretamazzeing

bretamazzeing

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 10 April 2006 - 04:54 PM

hey,
ive got this worm that keeps reinstalling itself.. i did some research.. it says it knocks out your security and i cant seem to get rid of it.. i did all the scans..
- macafee
- house call
- panda
-avg free keeps poping up telling me there is a virus, when i put it in the vault i delete it, and it comes back a few times a day....

and it didnt get rid of it...

a friend of mine said to sign up here, and they will be able to help you....


C:\WINNT\Inet20004\alg.exe


Logfile of HijackThis v1.99.1
Scan saved at 5:53:43 PM, on 4/10/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\sesinetd.exe
C:\WINNT\system32\hserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\inet20004\services.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\inet20004\socks.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\inet20004\socks.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgwb.dat
C:\PROGRA~1\Grisoft\AVGFRE~1\avgvv.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.passport.net/uilogin.srf?id=2
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe,msswip95.exe
F3 - REG:win.ini: run=C:\WINNT\inet20004\services.exe
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\bin\ZendIEToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WXcmeinst] C:\winnt\system32\muwemafyh.exe
O4 - HKLM\..\Run: [asejet] uyohuvax.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\inet20004\socks.exe
O4 - HKLM\..\Run: [adajsaaa] C:\WINNT\system32\adajsaaa.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet20004\services.exe
O4 - HKLM\..\RunServices: [asejet] uyohuvax.exe
O4 - HKCU\..\Run: [asejet] uyohuvax.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Disspy] C:\Program Files\Disspy\Disspy.exe - silent
O4 - HKCU\..\Run: [adajsaaa] C:\WINNT\system32\adajsaaa.exe
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet20004\services.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - http://www.yayahoohoo.com (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k22675/sb028.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...llInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/175d23e4d3e397c21123/...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k42033/sb028.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135822392226
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://solo.webstertech.com:3333/msrdp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp...02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...734/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O21 - SSODL: Client Meeting - {676C539B-8C1A-4D0F-968A-C6EBA9936E9A} - C:\WINNT\system32\sqlsuixx.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINNT\system32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - C:\WINNT\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe



thats what i have there


where do i go from here???

BC AdBot (Login to Remove)

 


#2 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 10 April 2006 - 06:27 PM

Update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. Then:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the windows control panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#3 bretamazzeing

bretamazzeing
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 10 April 2006 - 06:38 PM

ok thanks... ill do that now.. :thumbsup:

#4 bretamazzeing

bretamazzeing
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 11 April 2006 - 09:28 AM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:17:56 AM, 4/11/2006
+ Report-Checksum: 93B8CC6F

+ Scan result:

HKU\S-1-5-21-1454471165-2111687655-1708537768-1000\Software\Microsoft\Internet Explorer\Keywords -> Adware.CoolWebSearch : Cleaned with backup
:mozilla.8:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.14:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.16:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.17:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.71:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.72:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.73:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.74:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.75:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.76:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.77:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.78:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.79:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.81:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.82:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.83:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.105:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.106:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.107:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.108:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.109:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.110:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.140:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.154:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.155:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.156:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.157:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.158:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.159:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.164:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.165:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.166:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.191:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.206:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.207:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.223:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.232:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.233:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.234:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.235:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.236:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.257:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.267:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.297:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.316:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.317:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.318:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.319:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.320:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.321:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.322:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.323:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.324:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.331:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.332:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.337:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.338:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.367:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.368:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.369:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.370:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.371:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.372:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.373:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.374:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.387:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.392:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.425:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup
:mozilla.453:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.462:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.465:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.501:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.502:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.506:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.507:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.509:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.520:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.531:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.532:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.533:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.547:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.548:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.554:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.563:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.564:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.570:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.572:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.596:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.597:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.604:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.605:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.607:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.608:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.609:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.615:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.616:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.617:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.620:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.622:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
:mozilla.627:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.656:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.660:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.661:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.664:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.685:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.719:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.739:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.756:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.791:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.792:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@cz11.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@sexlist[1].txt -> TrackingCookie.Sexlist : Cleaned with backup
C:\My Downloads\trilliancrack\Trillian_Pro_v2[1].0_Public_Beta_3_by_MaRKuS.zip/Loader.exe -> Not-A-Virus.VirTool.Win32.Patcher.a : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveWebDP.exe -> Adware.DelphinMediaViewer : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000002.dat -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000004.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000005.dat -> TrackingCookie.Bfast : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000006.dat -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000007.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000008.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000009.dat -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000012.dat -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000013.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000014.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000015.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000016.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000017.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000020.dat -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000024.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000027.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000030.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000035.dat -> TrackingCookie.Spylog : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000036.dat -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000037.dat -> TrackingCookie.Targetnet : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000040.dat -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Disspy\Backup\02_19_200601_00_02.zip/0000043.dat -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Program Files\Disspy\Backup\02_24_200615_28_26.zip/0000000.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\02_24_200615_28_26.zip/0000001.dat -> TrackingCookie.Hitslink : Cleaned with backup
C:\Program Files\Disspy\Backup\03_01_200616_10_11.zip/0000002.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_01_200616_10_11.zip/0000003.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_02_200613_43_12.zip/0000000.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_02_200613_43_12.zip/0000001.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_02_200613_43_12.zip/0000002.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000001.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000002.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000003.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000004.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000005.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000006.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000007.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000009.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000010.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_05_200614_18_13.zip/0000011.dat -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Disspy\Backup\03_06_200612_33_14.zip/0000000.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_06_200612_33_14.zip/0000001.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_09_200611_52_37.zip/0000001.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_09_200611_52_37.zip/0000002.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_09_200611_52_37.zip/0000003.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_09_200611_52_37.zip/0000004.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_09_200611_52_37.zip/0000006.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_09_200611_52_37.zip/0000007.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_09_200611_52_37.zip/0000008.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\03_09_200611_52_37.zip/0000009.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_09_200611_52_37.zip/0000011.dat -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200600_27_36.zip/0000000.dat -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200600_27_36.zip/0000002.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200600_27_36.zip/0000003.dat -> TrackingCookie.Bfast : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200600_27_36.zip/0000004.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200600_27_36.zip/0000005.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200600_27_36.zip/0000006.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200600_27_36.zip/0000007.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200600_27_36.zip/0000010.dat -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200600_27_39.zip/0000000.dat -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200615_20_22.zip/0000000.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_12_200615_20_22.zip/0000001.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\03_14_200611_49_44.zip/0000001.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_14_200611_49_44.zip/0000002.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_14_200611_49_44.zip/0000003.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_14_200611_49_44.zip/0000004.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_14_200611_49_44.zip/0000005.dat -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_14_200611_49_44.zip/0000007.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\03_14_200611_49_44.zip/0000009.dat -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Program Files\Disspy\Backup\03_15_200610_09_02.zip/0000001.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_15_200610_09_02.zip/0000002.dat -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Program Files\Disspy\Backup\03_15_200610_09_02.zip/0000003.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_15_200610_09_02.zip/0000004.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_16_200612_14_10.zip/0000001.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_16_200612_14_10.zip/0000002.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_16_200612_14_10.zip/0000003.dat -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\Disspy\Backup\03_16_200612_14_10.zip/0000004.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_16_200612_14_10.zip/0000005.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_16_200612_14_10.zip/0000006.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_16_200612_14_10.zip/0000008.dat -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Disspy\Backup\03_18_200613_31_06.zip/0000000.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_18_200613_31_06.zip/0000001.dat -> TrackingCookie.Bfast : Cleaned with backup
C:\Program Files\Disspy\Backup\03_18_200613_31_06.zip/0000002.dat -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Program Files\Disspy\Backup\03_18_200613_31_06.zip/0000003.dat -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\Disspy\Backup\03_18_200613_31_06.zip/0000004.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_18_200613_31_06.zip/0000005.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_18_200613_31_06.zip/0000006.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_18_200613_31_06.zip/0000007.dat -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Program Files\Disspy\Backup\03_18_200613_31_06.zip/0000008.dat -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Disspy\Backup\03_20_200610_05_22.zip/0000001.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_22_200608_52_50.zip/0000001.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_22_200608_52_50.zip/0000002.dat -> TrackingCookie.Hitslink : Cleaned with backup
C:\Program Files\Disspy\Backup\03_22_200608_52_50.zip/0000003.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_22_200608_52_50.zip/0000004.dat -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Program Files\Disspy\Backup\03_22_200608_52_50.zip/0000005.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\03_23_200609_14_25.zip/0000000.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_23_200609_14_25.zip/0000001.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_23_200609_14_25.zip/0000004.dat -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Program Files\Disspy\Backup\03_23_200609_14_25.zip/0000005.dat -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Disspy\Backup\03_23_200620_29_18.zip/0000000.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_23_200620_29_18.zip/0000001.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_23_200620_29_18.zip/0000002.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_25_200611_05_36.zip/0000000.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_25_200611_05_36.zip/0000002.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_25_200611_05_36.zip/0000005.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\03_27_200611_33_35.zip/0000001.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\03_27_200611_33_35.zip/0000002.dat -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Program Files\Disspy\Backup\03_27_200611_33_35.zip/0000004.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_27_200611_33_35.zip/0000005.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_27_200611_33_35.zip/0000007.dat -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Disspy\Backup\03_29_200612_41_17.zip/0000000.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\03_29_200612_41_17.zip/0000001.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\03_29_200612_41_17.zip/0000002.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_29_200612_41_17.zip/0000003.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\03_29_200612_41_17.zip/0000005.dat -> TrackingCookie.Sextracker : Cleaned with backup
C:\Program Files\Disspy\Backup\04_01_200617_52_12.zip/0000001.dat -> TrackingCookie.Advertising : Cleaned with backup
C:\Program Files\Disspy\Backup\04_01_200617_52_12.zip/0000002.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\04_01_200617_52_12.zip/0000003.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\04_01_200617_52_12.zip/0000004.dat -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\Disspy\Backup\04_01_200617_52_12.zip/0000005.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\04_01_200617_52_12.zip/0000006.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\04_01_200617_52_12.zip/0000007.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\04_01_200617_52_12.zip/0000008.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\04_01_200617_52_12.zip/0000009.dat -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Program Files\Disspy\Backup\04_02_200613_56_50.zip/0000000.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\04_02_200613_56_50.zip/0000001.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\04_07_200614_02_50.zip/0000000.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\04_07_200614_02_50.zip/0000001.dat -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Program Files\Disspy\Backup\04_07_200614_02_50.zip/0000002.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\04_07_200614_02_50.zip/0000003.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\04_08_200616_12_00.zip/0000001.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\04_08_200616_12_00.zip/0000002.dat -> TrackingCookie.Sexlist : Cleaned with backup
C:\Program Files\Disspy\Backup\04_09_200615_37_12.zip/0000000.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\04_09_200615_37_12.zip/0000001.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\04_09_200615_37_12.zip/0000002.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\04_09_200615_37_12.zip/0000003.dat -> TrackingCookie.Hitbox : Cleaned with backup
C:\Program Files\Disspy\Backup\04_11_200600_54_37.zip/0000002.dat -> TrackingCookie.Atdmt : Cleaned with backup
C:\Program Files\Disspy\Backup\04_11_200600_54_37.zip/0000003.dat -> TrackingCookie.Bfast : Cleaned with backup
C:\Program Files\Disspy\Backup\04_11_200600_54_37.zip/0000004.dat -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Program Files\Disspy\Backup\04_11_200600_54_37.zip/0000005.dat -> TrackingCookie.Doubleclick : Cleaned with backup
C:\SaveInstCsSm.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\SaveInstCsSm.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
C:\SaveInstCsSm.exe/Save.exe -> Adware.SaveNow : Cleaned with backup
C:\SaveInstCsSm.exe/SaveUninst.exe -> Adware.SaveNow : Cleaned with backup
C:\SaveInstCsSm.exe/Search.exe -> Adware.SaveNow : Cleaned with backup
C:\SaveInstCsSm.exe/Search.exe -> Adware.SaveNow : Cleaned with backup
C:\SaveInstCsSm.exe/DnldStub.exe -> Downloader.Small.kl : Cleaned with backup
C:\SaveInstCsSm.exe/DnldStub.exe -> Downloader.Small.kl : Cleaned with backup
C:\WINNT\system32\biplmaaa.exe -> Downloader.CWS.s : Cleaned with backup


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 10:19:06 AM, on 4/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\sesinetd.exe
C:\WINNT\system32\hserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\system32\SERVICES.EXE
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Disspy\Disspy.exe
C:\Program Files\AdsGone\adsgone.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.passport.net/uilogin.srf?id=2
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe,msswip95.exe
F3 - REG:win.ini: run=C:\WINNT\inet20004\services.exe
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\bin\ZendIEToolbar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [WXcmeinst] C:\winnt\system32\muwemafyh.exe
O4 - HKLM\..\Run: [asejet] uyohuvax.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\inet20004\socks.exe
O4 - HKLM\..\Run: [adajsaaa] C:\WINNT\system32\adajsaaa.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\RunServices: [asejet] uyohuvax.exe
O4 - HKCU\..\Run: [asejet] uyohuvax.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Disspy] C:\Program Files\Disspy\Disspy.exe - silent
O4 - HKCU\..\Run: [adajsaaa] C:\WINNT\system32\adajsaaa.exe
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - http://www.yayahoohoo.com (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k22675/sb028.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...llInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/175d23e4d3e397c21123/...ip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -

#5 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 11 April 2006 - 03:36 PM

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe,msswip95.exe
F3 - REG:win.ini: run=C:\WINNT\inet20004\services.exe
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O3 - Toolbar: Zend Studio - {95188727-288F-4581-A48D-EAB3BD027314} - C:\Program Files\Zend\bin\ZendIEToolbar.dll (file missing)
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [WXcmeinst] C:\winnt\system32\muwemafyh.exe
O4 - HKLM\..\Run: [asejet] uyohuvax.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINNT\inet20004\socks.exe
O4 - HKLM\..\Run: [adajsaaa] C:\WINNT\system32\adajsaaa.exe
O4 - HKLM\..\RunServices: [asejet] uyohuvax.exe
O4 - HKCU\..\Run: [asejet] uyohuvax.exe
O4 - HKCU\..\Run: [adajsaaa] C:\WINNT\system32\adajsaaa.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files\Zend\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Zend\bin\ZendIEToolbar.dll (file missing)
O15 - Trusted Zone: http://linktrader.cyberspacehq.com
O16 - DPF: {0837121A-6472-43BD-8A40-D9221FF1C4CE} - http://download.sidestep.com/get/k22675/sb028.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/175d23e4d3e397c21123/...ip/RdxIE601.cab


Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

C:\Program Files\AutoUpdate <-- folder
C:\winnt\system32\muwemafyh.exe
C:\WINNT\inet20004 <-- folder
C:\WINNT\system32\adajsaaa.exe

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#6 bretamazzeing

bretamazzeing
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 11 April 2006 - 04:47 PM

Logfile of HijackThis v1.99.1
Scan saved at 5:45:40 PM, on 4/11/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\sesinetd.exe
C:\WINNT\system32\hserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Disspy\Disspy.exe
C:\Program Files\AdsGone\adsgone.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.passport.net/uilogin.srf?id=2
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Disspy] C:\Program Files\Disspy\Disspy.exe - silent
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - http://www.yayahoohoo.com (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...llInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k42033/sb028.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135822392226
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://solo.webstertech.com:3333/msrdp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp...02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...734/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O21 - SSODL: Client Meeting - {676C539B-8C1A-4D0F-968A-C6EBA9936E9A} - C:\WINNT\system32\sqlsuixx.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINNT\system32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - C:\WINNT\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe


i did everything you said...
but i couldnt find these when i was in safe mode... idk if hijack deleted them before i could do anything....
C:\Program Files\AutoUpdate <-- folder
C:\winnt\system32\muwemafyh.exe
C:\WINNT\system32\adajsaaa.exe

i did delete this
C:\WINNT\inet20004 <-- folder

thanks for your help...
whats the next step??

#7 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 11 April 2006 - 05:19 PM

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#8 bretamazzeing

bretamazzeing
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 11 April 2006 - 11:34 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, April 12, 2006 00:35:37
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/04/2006
Kaspersky Anti-Virus database records: 187654
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 230436
Number of viruses found: 21
Number of infected objects: 59
Number of suspicious objects: 0
Duration of the scan process: 19438 sec

Infected Object Name - Virus Name
C:\Documents and Settings\All Users.WINNT\Application Data\pcsvc\patchme.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.c
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bl
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0007 Infected: Trojan-Downloader.Win32.Apropo.v
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe/data0008 Infected: Backdoor.Win32.Ruledor.c
C:\Documents and Settings\Default User\My Documents\Data\all_files4.exe Infected: Backdoor.Win32.Ruledor.c
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bl
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0004 Infected: Trojan-Downloader.Win32.Agent.ec
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0006 Infected: not-a-virus:AdWare.Win32.EZula
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0007 Infected: Trojan-Downloader.Win32.Apropo.v
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe/data0008 Infected: Backdoor.Win32.Ruledor.c
C:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe Infected: Backdoor.Win32.Ruledor.c
C:\Documents and Settings\Default User\My Documents\Data\Data\MemWatcher2.exe/data0004 Infected: Backdoor.Win32.VB.nb
C:\Documents and Settings\Default User\My Documents\Data\Data\MemWatcher2.exe/data0006 Infected: Backdoor.Win32.VB.nb
C:\Documents and Settings\Default User\My Documents\Data\Data\MemWatcher2.exe Infected: Backdoor.Win32.VB.nb
C:\Documents and Settings\Default User\My Documents\Data\MemWatcher2.exe/data0004 Infected: Backdoor.Win32.VB.nb
C:\Documents and Settings\Default User\My Documents\Data\MemWatcher2.exe/data0006 Infected: Backdoor.Win32.VB.nb
C:\Documents and Settings\Default User\My Documents\Data\MemWatcher2.exe Infected: Backdoor.Win32.VB.nb
C:\Documents and Settings\High Energy Entertai\Desktop\tones\SetupInstantBuzz.exe Infected: not-a-virus:AdWare.Win32.InstantBuzz.a
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe/WISE0024.BIN/data0009 Infected: not-a-virus:AdWare.Win32.CommonName.a
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe/WISE0024.BIN/data0010 Infected: not-a-virus:AdWare.Win32.CommonName.c
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.CommonName.c
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe/WISE0027.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe/WISE0027.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.Cydoor
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe/WISE0028.BIN Infected: not-a-virus:AdWare.Win32.EZula.bx
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe/WISE0029.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe/WISE0030.BIN Infected: not-a-virus:AdWare.Win32.Gator.3202
C:\Documents and Settings\High Energy Entertai\My Documents\iMeshV4.exe Infected: not-a-virus:AdWare.Win32.Gator.3202
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0019.BIN/data0008/lsp_.dll Infected: not-a-virus:AdWare.Win32.Sahat.av
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0019.BIN/data0008/SAHAgent_.exe Infected: not-a-virus:AdWare.Win32.Sahat.bb
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0019.BIN/data0008/SAHDownloader_.exe Infected: not-a-virus:AdWare.Win32.Sahat.e
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0019.BIN/data0008 Infected: not-a-virus:AdWare.Win32.Sahat.e
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Sahat.e
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0025.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0025.BIN Infected: not-a-virus:AdWare.Win32.Cydoor
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe/WISE0026.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104
C:\Documents and Settings\High Energy Entertai\My Documents\picsbret\iMeshV4.exe Infected: not-a-virus:AdWare.Win32.Gator.4104
C:\My Downloads\iMeshV4.exe/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet.d
C:\My Downloads\iMeshV4.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104
C:\My Downloads\iMeshV4.exe/WISE0020.BIN/data0008/lsp_.dll Infected: not-a-virus:AdWare.Win32.Sahat.av
C:\My Downloads\iMeshV4.exe/WISE0020.BIN/data0008/SAHAgent_.exe Infected: not-a-virus:AdWare.Win32.Sahat.bb
C:\My Downloads\iMeshV4.exe/WISE0020.BIN/data0008/SAHDownloader_.exe Infected: not-a-virus:AdWare.Win32.Sahat.e
C:\My Downloads\iMeshV4.exe/WISE0020.BIN/data0008 Infected: not-a-virus:AdWare.Win32.Sahat.e
C:\My Downloads\iMeshV4.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Sahat.e
C:\My Downloads\iMeshV4.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Gator.4104
C:\My Downloads\iMeshV4.exe Infected: not-a-virus:AdWare.Win32.Gator.4104
C:\Program Files\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Program Files\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Program Files\BitTorrent\uninstall.exe Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Program Files\EvilLyrics\updateEL.exe/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\Program Files\EvilLyrics\updateEL.exe Infected: not-a-virus:RiskTool.Win32.PsKill.n
C:\WINNT\Downloaded Program Files\lsp_.dll Infected: not-a-virus:AdWare.Win32.Sahat.av
C:\wmedia_bbi8015.exe/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a
C:\wmedia_bbi8015.exe/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a
C:\wmedia_bbi8015.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.a

Scan process completed.

#9 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 12 April 2006 - 03:15 AM

Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

Once in Safe Mode, Open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • In the scriptline to execute field type or paste c:\bfu\alcanshorty.bfu
  • Press Execute and let it do itís job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

Edited by Daemon, 12 April 2006 - 10:09 AM.

Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#10 bretamazzeing

bretamazzeing
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 12 April 2006 - 10:01 PM

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:50:18 PM, 4/12/2006
+ Report-Checksum: 40F64703

+ Scan result:

:mozilla.9:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.36:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.44:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.45:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.90:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.91:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.92:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.93:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.94:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.95:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.111:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.118:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.119:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.120:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.121:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.122:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.126:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.148:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.149:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.150:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.151:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.152:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.175:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.176:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.181:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.182:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.183:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.184:C:\Documents and Settings\High Energy Entertai\Application Data\Mozilla\Firefox\Profiles\oboilhnl.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\High Energy Entertai\Cookies\high energy entertai@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Program Files\Disspy\Backup\04_11_200618_32_44.zip/0000000.dat -> TrackingCookie.Atdmt : Cleaned with backup


::Report End






Logfile of HijackThis v1.99.1
Scan saved at 11:01:04 PM, on 4/12/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\sesinetd.exe
C:\WINNT\system32\hserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Disspy\Disspy.exe
C:\Program Files\AdsGone\adsgone.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.passport.net/uilogin.srf?id=2
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Disspy] C:\Program Files\Disspy\Disspy.exe - silent
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - http://www.yayahoohoo.com (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...llInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k42033/sb028.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135822392226
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://solo.webstertech.com:3333/msrdp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp...02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...734/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O21 - SSODL: Client Meeting - {676C539B-8C1A-4D0F-968A-C6EBA9936E9A} - C:\WINNT\system32\sqlsuixx.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINNT\system32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - C:\WINNT\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe



there you go...

#11 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 13 April 2006 - 02:33 AM

Grab a copy of this little free application to help control those tracking cookies in future:

http://www.analogx.com/contents/download/network/cookie.htm

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://download.sidestep.com/get/k42033/sb028.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O21 - SSODL: Client Meeting - {676C539B-8C1A-4D0F-968A-C6EBA9936E9A} - C:\WINNT\system32\sqlsuixx.dll (file missing)


Exit HijackThis when done. Reboot, rescan with HijackThis and post a final log here.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#12 bretamazzeing

bretamazzeing
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 13 April 2006 - 10:49 AM

Logfile of HijackThis v1.99.1
Scan saved at 11:35:36 AM, on 4/13/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\sesinetd.exe
C:\WINNT\system32\hserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\system32\ezSP_Px.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Disspy\Disspy.exe
C:\Program Files\AdsGone\adsgone.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.passport.net/uilogin.srf?lc=1033&id=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.passport.net/uilogin.srf?id=2
F2 - REG:system.ini: UserInit=
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINNT\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [FastTVSync] "C:\Program Files\Common Files\InterVideo\FastTVSync\FastTVSync.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [Disspy] C:\Program Files\Disspy\Disspy.exe - silent
O4 - Global Startup: AdsGone 2004.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Voiced Keyboard Homepage - {1ff190e7-38ab-423e-b59c-4d166c2ea5f1} - http://www.yayahoohoo.com (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Toolbar &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: SWFDecompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Decompiler - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\SourceTec\Sothink SWF Decompiler\InternetExplorer.htm
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://plug-in.reallusion.com/CrazyTalk.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200411...llInstaller.exe
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-24.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/200312...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1135822392226
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://solo.webstertech.com:3333/msrdp.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/1450/ftp...02/cpbrkpie.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9CCE3B43-4DE0-4236-A84E-108CA848EE6A} (WebCam Control) - http://www.webcamnow.com/broadcast/ActiveXWebCam.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {D44C75D8-C827-473E-8F68-A77E42500782} (Uploader Class) - http://photo.walmart.com/photo/uploads/WebUploadClient.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...734/mcfscan.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/setup...er/imloader.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Houdini License Server (HoudiniLicenseServer) - Side Effects Software Inc. - C:\WINNT\system32\sesinetd.exe
O23 - Service: Houdini License Client (HoudiniServer) - Side Effects Software Inc. - C:\WINNT\system32\hserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe


and i installed that other program.. it runs itself?? and what exactly does it do??? thanks for your help ~!!

#13 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 13 April 2006 - 10:55 AM

That looks OK now - how is it running?

CookieWall intercepts cookies before they plant themselves on your machine. If you temporarily accept them you can get rid of them later or you can block them altogether.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#14 bretamazzeing

bretamazzeing
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:42 PM

Posted 13 April 2006 - 11:30 AM

its to soon to tell.. but ill use it today, and post tomorrow how it is working....

is there any other software i need to keep my pc safer, or to run smoothly????

#15 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:03:42 AM

Posted 13 April 2006 - 11:52 AM

To help keep you clean follow the recommendations in the article here:

So how did I get infected?

Let me know how it is tomorrow.
Posted Image

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users