Constant Pop-ups!



#1 talitha

talitha

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 27 April 2006 - 07:59 PM

:thumbsup:

H E L P

Have been having a barrage of pop-ups for ages now. Have Sophos AV, done adaware, spybot and still it comes back. Have tried the vundo for winfixer also, but still no joy!! Am a few steps away from re-installing OS. Please help!! My Hijack file is as follows:

Logfile of HijackThis v1.99.1
Scan saved at 01:35:00, on 28/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\fxssvc.exe
C:\windows\system32\Ati2evxx.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\DOCUME~1\LIZ~1.HOM\APPLIC~1\ASEMBL~1\regsvr32.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\windows\explorer.exe
C:\Program Files\HJT\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AutoLoader70361bLRMdPd] "C:\windows\System32\paqheme.exe" /PC="CP.IST" /ShowLegalNote="nonbranded" /UninstallName="CtxPls"
O4 - HKLM\..\Run: [77sg3nW] paqheme.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [System Unix] syscfg32.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecik32.exe
O4 - HKLM\..\Run: [Start Uppings] mssupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [P2P Networking] C:\windows\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int113779.exe -auto
O4 - HKLM\..\Run: [Intranet Explorer] intranet.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\RunServices: [System Unix] syscfg32.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [Intranet Explorer] intranet.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Shell API32] svcnet.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Omsb] "C:\DOCUME~1\LIZ~1.HOM\APPLIC~1\ASEMBL~1\regsvr32.exe" -vt yazr
O4 - HKCU\..\Run: [uiuw] C:\PROGRA~1\COMMON~1\uiuw\uiuwm.exe
O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C.../bridge-c18.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120692058265
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...650/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{124450C8-2F0D-42DC-B297-856B07339448}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



#2 didom

didom

  • Members
  • 1,389 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:19 PM

Posted 29 April 2006 - 03:24 AM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Scan again with HijackThis and check the following items:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [AutoLoader70361bLRMdPd] "C:\windows\System32\paqheme.exe" /PC="CP.IST" /ShowLegalNote="nonbranded" /UninstallName="CtxPls"
O4 - HKLM\..\Run: [77sg3nW] paqheme.exe
O4 - HKLM\..\Run: [System Unix] syscfg32.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitecik32.exe
O4 - HKLM\..\Run: [Start Uppings] mssupdate.exe
O4 - HKLM\..\Run: [P2P Networking] C:\windows\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int113779.exe -auto
O4 - HKLM\..\Run: [Intranet Explorer] intranet.exe

O4 - HKLM\..\RunServices: [System Unix] syscfg32.exe
O4 - HKLM\..\RunServices: [Start Uppings] mssupdate.exe
O4 - HKLM\..\RunServices: [Intranet Explorer] intranet.exe

O4 - HKCU\..\Run: [Shell API32] svcnet.exe
O4 - HKCU\..\Run: [uiuw] C:\PROGRA~1\COMMON~1\uiuw\uiuwm.exe

O4 - HKCU\..\RunServices: [Start Uppings] mssupdate.exe

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/6247971C.../bridge-c18.cab

O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #2

Please run Notepad and copy the following text into a new file:

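rem Stop and delete the two leftover services listed under O23 in Step #1
sc stop mousehs
sc delete mousehs

rem This service name contains a space, so it must be quoted
sc stop "Network Monitor"
sc delete "Network Monitor"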

Save the file as remove.bat and make sure the "Save as type" field says "All files".
This is how the batch must look afterwards: Posted Image

Double-Click on the file remove.bat, a small DOS type window should open and close immediately.

Step #3

Reboot your computer.

Step #4

Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe"

Step #5

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
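Added example, not part of didom's post or of HijackThis itself: one way to check a follow-up scan against the entries ticked in Step #1, reporting which were removed, which are still present, and which items are new. The function names (`parse_items`, `compare_scans`) are hypothetical, and the sample text is a short excerpt of item lines taken from the logs on this page.

```python
import re

# A HijackThis item line is "<section code> - <details>", e.g. "O4 - HKLM\..\Run: [...] ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ITEM_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+-\s+(?P<body>.+)$")


def parse_items(log_text):
    """Map a normalised (code, details) key to the original item line."""
    items = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ITEM_RE.match(line)
        if match:
            # Windows paths and registry names are case-insensitive, so
            # compare lower-cased text with whitespace collapsed.
            body = " ".join(match.group("body").lower().split())
            items.setdefault((match.group("code"), body), line)
    return items


def compare_scans(before_text, checked_text, after_text):
    """Compare the entries selected for fixing against a fresh scan."""
    before = parse_items(before_text)
    checked = parse_items(checked_text)
    after = parse_items(after_text)
    return {
        # Selected for fixing and absent from the new scan.
        "removed": sorted(line for key, line in checked.items() if key not in after),
        # Selected for fixing but reported again by the new scan.
        "still_present": sorted(after[key] for key in checked if key in after),
        # Reported by the new scan but not by the earlier one.
        "new_since_before": sorted(line for key, line in after.items() if key not in before),
    }


# Excerpt of the first log on this page (sample, shortened).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\windows\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O4 - HKLM\..\Run: [System Unix] syscfg32.exe
O4 - HKLM\..\Run: [Start Uppings] mssupdate.exe
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Some of the entries ticked in Step #1 (sample, shortened).
CHECKED = r"""
O4 - HKLM\..\Run: [System Unix] syscfg32.exe
O4 - HKLM\..\Run: [Start Uppings] mssupdate.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Excerpt of the follow-up log on this page (sample, shortened).
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [NI.UWFX6_0001_N69M1503] "C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX6_0001_N69M1503NetInstaller.exe" -nag
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

if __name__ == "__main__":
    report = compare_scans(BEFORE, CHECKED, AFTER)
    for bucket, lines in report.items():
        print(f"{bucket}:")
        for line in lines:
            print(f"  {line}")
```

Because the samples are excerpts, "new_since_before" is relative to the excerpt only; run it on the full logs for a complete comparison.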

#3 talitha

talitha
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:19 PM

Posted 30 April 2006 - 12:24 PM

Thanks for the assistance. Have done as requested and here are the reports:

New HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 18:14:37, on 30/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\fxssvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\Program Files\dvd43\dvd43_tray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX6_0001_N69M1503NetInstaller.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\DOCUME~1\LIZ~1.HOM\APPLIC~1\ASEMBL~1\regsvr32.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\windows\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [NI.UWFX6_0001_N69M1503] "C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX6_0001_N69M1503NetInstaller.exe" -nag
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Omsb] "C:\DOCUME~1\LIZ~1.HOM\APPLIC~1\ASEMBL~1\regsvr32.exe" -vt yazr
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by101fd.bay101.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120692058265
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...650/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{124450C8-2F0D-42DC-B297-856B07339448}: NameServer = 62.24.128.17 62.24.128.18
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BlackLight log:

04/30/06 17:34:41 [Info]: BlackLight Engine 1.0.36 initialized
04/30/06 17:34:41 [Info]: OS: 5.1 build 2600 (Service Pack 1)
04/30/06 17:34:41 [Note]: 7019 4
04/30/06 17:34:41 [Note]: 7005 0
04/30/06 17:34:47 [Note]: 7006 0
04/30/06 17:34:47 [Note]: 7011 2196
04/30/06 17:34:48 [Note]: 7026 0
04/30/06 17:34:48 [Note]: 7026 0
04/30/06 17:35:00 [Note]: FSRAW library version 1.7.1015
04/30/06 17:42:25 [Note]: 7007 0

Active Scan log:


Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\docume~1\liz~1.hom\applic~1\asembl~1\regsvr32.exe
Adware:adware/ncase Not disinfected c:\temp\NCasePackage.exe
Adware:adware/deskwizz Not disinfected c:\windows\system32\ad.html
Adware:adware program Not disinfected c:\windows\system32\key.~
Adware:adware/favoriteman Not disinfected c:\windows\downloaded program files\ATPartners.inf
Dialer:dialer.xe Not disinfected c:\windows\downloaded program files\dbaccess.exe
Dialer:dialer.eip Not disinfected c:\windows\downloaded program files\dialere.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\UERS_0001_N68M1801NetInstaller.exe
Adware:adware/ist.yoursitebar Not disinfected c:\windows\downloaded program files\ysbactivex.dll
Dialer:dialer.ekj Not disinfected c:\windows\downloaded program files\ZOZZO.exe
Adware:adware/commad Not disinfected c:\MTE3NDI6ODoxNg.exe
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/cws.bootconf Not disinfected c:\windows\default.css
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard91.dat
Spyware:spyware/media-motor Not disinfected c:\windows\ubber60.ini
Spyware:spyware/adclicker Not disinfected c:\windows\usta33.ini
Adware:adware/sahagent Not disinfected c:\windows\system32\SahImages
Adware:adware/wupd Not disinfected c:\program files\Admilli Service
Adware:adware/topconvert Not disinfected c:\program files\TopConverting
Adware:adware/sgrunt Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\sgrunt
Dialer:dialer.akd Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\TTunim
Adware:adware/atlas Not disinfected Windows Registry
Spyware:spyware/new.net Not disinfected Windows Registry
Spyware:spyware/dluca Not disinfected Windows Registry
Adware:adware/superbar Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Adware:adware/beginto Not disinfected Windows Registry
Adware:Adware/WinTools Not disinfected C:\blue.exe[mmxxxxmas2.exe]
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Dale\Cookies\dale@64.62.232[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dale\Cookies\dale@atwola[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\Dale\Cookies\dale@go[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dale\Cookies\dale@webpower[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dale\Cookies\dale@xiti[1].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\a?sembly\regsvr32.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.xmts.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/24/7 Realmedia Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/hc/LPplayersonly]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.overture.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.advertising.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.888.com/]

#4 didom

Posted 30 April 2006 - 03:36 PM

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

----------------------------------------

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido anti-malware; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido: there should be an icon on your desktop; double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

Reboot into Safe Mode. You can do this by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot into normal mode.

Then, please run this online virus scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log and the Ewido log in your next reply.

#5 talitha

Posted 01 May 2006 - 04:50 PM

Thanks for the reply. Scan logs as follows:
Ewido:

+ Created on: 11:23:55, 01/05/2006
+ Report-Checksum: 48BC7209

+ Scan result:

C:\blue.exe/mmxxxxmas2.exe -> Downloader.VB.jl : Cleaned with backup
C:\blue.exe/themasterz.exe -> Hijacker.Small.hh : Cleaned with backup
:mozilla.388:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.389:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.393:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.394:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.399:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.400:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup
:mozilla.404:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.405:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.412:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.416:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.417:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.418:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.419:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.420:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.425:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.439:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.450:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.464:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.465:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.484:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.485:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.486:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.487:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.488:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.489:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.490:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.535:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.536:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.537:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.538:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.539:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.540:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.542:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.543:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.544:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.545:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.546:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.547:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.550:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.551:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
:mozilla.552:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
:mozilla.553:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
:mozilla.554:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
:mozilla.555:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
:mozilla.556:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
:mozilla.562:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.563:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
:mozilla.569:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.577:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.605:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.606:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.608:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.609:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.610:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.622:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.623:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.624:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.628:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.629:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.630:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.631:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.665:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.685:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.686:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.687:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.688:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.714:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.763:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.768:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
:mozilla.780:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.781:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.7search : Cleaned with backup
:mozilla.782:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.7search : Cleaned with backup
:mozilla.786:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.818:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.819:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Kmpads : Cleaned with backup
:mozilla.832:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
:mozilla.862:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.863:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.868:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.885:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.894:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.912:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.922:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.940:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.943:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.949:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.951:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.960:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.961:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.962:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.964:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.965:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.966:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.967:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
:mozilla.970:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.971:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.972:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.973:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@ads.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@install.bestoffersnetworks[1].txt -> TrackingCookie.Bestoffersnetworks : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@revenue[3].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@try.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@www.epilot[1].txt -> TrackingCookie.Epilot : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@www.popuptraffic[1].txt -> TrackingCookie.Popuptraffic : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@www.web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\Cookies\liz@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\i99.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\ICD6.tmp\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\ICD7.tmp\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\ICD8.tmp\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\iinstall.exe -> Downloader.IstBar.ow : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\MvaXCo.exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr2663\Programs\SET165.tmp -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr2663\Programs\SET167.tmp -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr2663\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr2663\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr2663\Programs\whinstaller.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr2663\Programs\whsurvey.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr5D92 -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr63D4 -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\uA0.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\uB2.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Content.IE5\ISTC45KP\WinFixer2006FreeInstall[1].cab/UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\My Documents\ѕуstem\mѕhta.exe -> Adware.PurityScan : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\temp\EDow.exe -> Adware.Wintol : Cleaned with backup
C:\temp\EDowPack.exe -> Dropper.Agent.hv : Cleaned with backup
C:\temp\NCasePackage.exe -> Dropper.180Solutions.a : Cleaned with backup
C:\WINDOWS\amm06.ocx -> Downloader.VB.bo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\amm06.ocx -> Downloader.VB.bo : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\dbaccess.exe -> Trojan.Dialer.jl : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX6_0001_N69M1503NetInstaller.exe -> Trojan.Fakealert : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.9\UWFX6_0001_N69M1503NetInstall

#6 didom

Posted 01 May 2006 - 05:43 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Please run Notepad and paste the following text into a new file:

REGEDIT4

[-hkey_local_machine\software\microsoft\windows\currentversion\TTunim]

Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files".
This is how the reg file must look afterwards: Posted Image

Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

Then reboot your computer.

Step #2

Click Start -> Run
Paste in this command and press enter:

regsvr32 /u occache.dll

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Find and delete these files and folders (if they are still there):
Files:
c:\windows\usta33.ini
c:\windows\ubber60.ini
c:\windows\default.css
c:\windows\system32\key.~
c:\windows\keyboard91.dat
c:\windows\system32\ad.html
c:\windows\downloaded program files\ZOZZO.exe
c:\windows\downloaded program files\dialere.exe
c:\windows\downloaded program files\dbaccess.exe
c:\windows\downloaded program files\ysbactivex.dll
c:\windows\downloaded program files\ATPartners.inf
c:\windows\downloaded program files\UERS_0001_N68M1801NetInstaller.exe
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Dataregsvr32.exe
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log

Folders:
c:\windows\system32\SahImages
c:\program files\Admilli Service
c:\program files\TopConverting
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\sgrunt



Reboot your computer normally.

Go back to:
Start -> Run
Paste in this command:

regsvr32 occache.dll

Step #5

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

Edited by didom, 01 May 2006 - 05:44 PM.


#7 talitha


Posted 03 May 2006 - 04:03 PM

Thanks for the post. Have followed instructions with no problems, and some of the files were not there.

Active Scan log:


Incident Status Location

Adware:adware/ncase Not disinfected c:\temp\salmau.dat
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/deskwizz Not disinfected c:\windows\dh.ini
Adware:adware/commad Not disinfected c:\windows\uninstall_nmon.vbs
Adware:adware/sahagent Not disinfected c:\windows\system32\SahImages
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/atlas Not disinfected Windows Registry
Adware:adware/topconvert Not disinfected Windows Registry
Spyware:spyware/new.net Not disinfected Windows Registry
Spyware:spyware/dluca Not disinfected Windows Registry
Adware:adware/superbar Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Adware:adware/beginto Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Spyware:spyware/adclicker Not disinfected Windows Registry
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Dale\Cookies\dale@64.62.232[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dale\Cookies\dale@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dale\Cookies\dale@go[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dale\Cookies\dale@webpower[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dale\Cookies\dale@xiti[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/hc/LPplayersonly]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/hc/LPplayersonly]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adviva.net/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.888.com/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.offeroptimizer.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.rn11.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.pacificpoker.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[fe.lea.lycos.es/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.go.com/]
Spyware:Cookie/66.246.209 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@66.246.209[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@888[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@adopt.hbmediapro[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@adrevolver[3].txt
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@anm.co[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@belnk[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@c.fsx[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@c3.gostats[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@ccbill[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@cdfreaks[2].txt
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@club.cdfreaks[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@ct.360i[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@doubleclick[1].txt
Spyware:Cookie/empnads Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@empnads[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@errorsafe[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@gostats[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@i.screensavers[2].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@kount[1].txt
Spyware:Cookie/Media-motor Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@mmm.media-motor[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@offeroptimizer[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@outster[2].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@pacificpoker[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@Pinhead[1].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@realmedia[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@rn11[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@searchportal.information[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@toplist[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@tucows[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@winfixer[2].txt
Spyware:Cookie/ademails Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@www.ademails[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@www.errorsafe[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@xmts[2].txt
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\!update.exe
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\Cookies\liz@go[2].txt
Dialer:Dialer.BRE Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\ICD3.tmp\games.inf
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\p2psetup.exe
Adware:Adware/Dyfuca Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr10A9\optimize.exe
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.frB625
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.frD03E\whAgent.inf

------------------------------------------

HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 21:58:16, on 03/05/2006
Platform: Windows XP SP1 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Common

Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EX

E
C:\Program Files\Common

Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security

suite\ewidoctrl.exe
C:\Program Files\ewido\security

suite\ewidoguard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X8

6\3\E_S10IC2.EXE
C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI

HYDRAVISION\HydraDM.exe
C:\Program Files\MSN

Messenger\msnmsgr.exe
C:\Program Files\Microsoft

ActiveSync\wcescomm.exe
C:\Program

Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\SAGEM\TalkTalk

Broadband\dslmon.exe
c:\Program Files\Sophos\Sophos

Anti-Virus\SAVAdminService.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
c:\Program

Files\Sophos\AutoUpdate\ALsvc.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\fxssvc.exe
C:\Program Files\ATI

Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla

Firefox\firefox.exe
C:\Program

Files\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Page =

http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.google.co.uk
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon]

RUNDLL32.EXE

C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus CX3200]

C:\WINDOWS\System32\spool\DRIVERS\W32X8

6\3\E_S10IC2.EXE /P19 "EPSON Stylus

CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Zone Labs Client]

C:\Program Files\Zone

Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run:

[HydraVisionDesktopManager] C:\Program

Files\ATI Technologies\ATI

HYDRAVISION\HydraDM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program

Files\MSN Messenger\msnmsgr.exe"

/background
O4 - HKCU\..\Run: [H/PC Connection

Agent] "C:\Program Files\Microsoft

ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Omsb]

"C:\DOCUME~1\LIZ~1.HOM\APPLIC~1\ASEMBL~

1\regsvr32.exe" -vt yazr
O4 - Global Startup: ATI CATALYST

System Tray.lnk = C:\Program Files\ATI

Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoUpdate

Monitor.lnk = C:\Program

Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: DSLMON.lnk =

C:\Program Files\SAGEM\TalkTalk

Broadband\dslmon.exe
O16 - DPF:

{00B71CFB-6864-4346-A978-C0A14556272C}

(Checkers Class) -

http://messenger.zone.msn.com/binary/ms

grchkr.cab
O16 - DPF:

{17492023-C23A-453E-A040-C7C580BBF700}

(Windows Genuine Advantage Validation

Tool) -

http://go.microsoft.com/fwlink/?linkid=

39204
O16 - DPF:

{2917297F-F02B-4B9D-81DF-494B6333150B}

(Minesweeper Flags Class) -

http://messenger.zone.msn.com/binary/Mi

neSweeper.cab
O16 - DPF:

{6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windowsupda

te/v6/V5Controls/en/x86/client/wuweb_si

te.cab?1120692058265
O16 - DPF:

{7B297BFD-85E4-4092-B2AF-16A91B2EA103}

(WScanCtl Class) -

http://www3.ca.com/securityadvisor/viru

sinfo/webscan.cab
O16 - DPF:

{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}

(MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Me

ssengerStatsClient.cab
O16 - DPF:

{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan

/as5free/asinst.cab
O16 - DPF:

{AE9DCB17-F804-11D2-A44A-0020182C1446}

(IntraLaunch.MainControl) -

file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF:

{E855A2D4-987E-4F3B-A51C-64D10A7E2479}

(EPSImageControl Class) -

http://tools.ebayimg.com/eps/activex/EP

SControl_v1-32.cab
O16 - DPF:

{EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3}

-

http://register.btinternet.com/template

s/btwebcontrol023.cab
O16 - DPF:

{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}

(McFreeScan Class) -

http://download.mcafee.com/molbin/iss-l

oc/mcfscan/2,1,0,4650/mcfscan.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{1244

50C8-2F0D-42DC-B297-856B07339448}:

NameServer = 62.24.128.17 62.24.128.18
O18 - Protocol: msnim -

{828030A1-22C1-4009-854F-8E305202313F}

- "C:\PROGRA~1\MSNMES~1\msgrapp.dll"

(file missing)
O23 - Service: Ati HotKey Poller - ATI

Technologies Inc. -

C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown

owner -

C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA -

Macrovision -

C:\WINDOWS\System32\drivers\CDAC11BA.EX

E
O23 - Service:

EpsonBidirectionalService - Unknown

owner - C:\Program Files\Common

Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status

Agent2 (EPSONStatusAgent2) - SEIKO

EPSON CORPORATION - C:\Program

Files\Common

Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite

control - ewido networks - C:\Program

Files\ewido\security

suite\ewidoctrl.exe
O23 - Service: ewido security suite

guard - ewido networks - C:\Program

Files\ewido\security

suite\ewidoguard.exe
O23 - Service: InstallDriver Table

Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: iPod Service

(iPodService) - Apple Computer, Inc. -

C:\Program

Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Hardware Sync

(mousehs) - Unknown owner -

C:\windows\System32\mousehs.exe (file

missing)
O23 - Service: NVIDIA Display Driver

Service (NVSvc) - NVIDIA Corporation -

C:\windows\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status

reporter (SAVAdminService) - Sophos plc

- c:\Program Files\Sophos\Sophos

Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus

(SAVService) - Sophos plc - c:\Program

Files\Sophos\Sophos

Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate

Service - Sophos plc - c:\Program

Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet

Monitor (vsmon) - Zone Labs, LLC -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------------------------------------------------------

The pop-ups have stopped btw and I can actually read your reply without the constant barrage.
Thanks for the continued help,
Talitha

#8 didom


Posted 03 May 2006 - 04:35 PM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Step #2

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Save it on your Desktop.

Step #3

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #4

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #5

Find and delete these files (if they are still there):
These Files
C:\windows\dh.ini
C:\temp\salmau.dat
C:\windows\uninstall_nmon.vbs
C:\windows\system32\SahImages
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.frB625
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\p2psetup.exe
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\ICD3.tmp\games.inf
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.frD03E\whAgent.inf
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.fr10A9\optimize.exe
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log



Step #6

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step #7

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Reboot your computer normally.

Step #8

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

I need you to post a new log single spaced as it makes things easier to read:

To remove the double spacing in your log, please do the following:
  • Please go to Start >> Run... and type notepad.exe
  • Hit OK.
  • Now go to Format and uncheck WordWrap.
  • Close Notepad.
  • Then post a new HijackThis log.


Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
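An added example, not part of the thread and not code from any tool named in it: a small Python triage of the ActiveScan report format posted in #7, separating tracking cookies and registry detections from on-disk files, which is the subset the Step #5 delete list above is drawn from. The sample lines are copied from that report; the function names and the "Disinfected" status string are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Lines copied from the ActiveScan report in post #7 (a small subset).
# One cookie line appears twice, as it does in the original report.
SAMPLE = r"""Incident Status Location

Adware:adware/ncase Not disinfected c:\temp\salmau.dat
Adware:adware/deskwizz Not disinfected c:\windows\dh.ini
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@atdmt[2].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.errorsafe.com/]
Potentially unwanted tool:Application/P2PNetworking Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\p2psetup.exe
Dialer:Dialer.BRE Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\ICD3.tmp\games.inf
"""

# "Category:Name Status Location". Names may contain spaces ("Cookie/Atlas DMT"),
# so the line is split around the status text rather than on whitespace.
# Only "Not disinfected" occurs in the thread; "Disinfected" is an assumed value.
LINE_RE = re.compile(
    r"^(?P<category>[^:]+):(?P<name>.+?) "
    r"(?P<status>Not disinfected|Disinfected) "
    r"(?P<location>.+)$"
)

# Firefox cookies are reported as "<path>\cookies.txt[<domain>/]": one entry
# inside a shared file, not a file of its own.
MEMBER_RE = re.compile(r"^(?P<container>.+)\[(?P<member>[^\[\]]+)\]$")


@dataclass(frozen=True)
class Finding:
    category: str
    name: str
    status: str
    location: str
    kind: str                      # "cookie", "registry" or "file"
    member: Optional[str] = None   # cookie domain inside cookies.txt, if any


def parse_report(text: str) -> List[Finding]:
    """Parse report lines, skipping headers and dropping exact duplicates."""
    findings: List[Finding] = []
    seen = set()
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, blank line or separator
        location, member = m["location"], None
        if m["name"].lower().startswith("cookie/"):
            kind = "cookie"
            inner = MEMBER_RE.match(location)
            if inner:
                location, member = inner["container"], inner["member"]
        elif location == "Windows Registry":
            kind = "registry"
        else:
            kind = "file"
        finding = Finding(m["category"], m["name"], m["status"],
                          location, kind, member)
        if finding not in seen:
            seen.add(finding)
            findings.append(finding)
    return findings


def triage(text: str) -> Dict[str, List[Finding]]:
    """Group findings by kind so cookie noise does not bury file detections."""
    groups: Dict[str, List[Finding]] = {"file": [], "registry": [], "cookie": []}
    for finding in parse_report(text):
        groups[finding.kind].append(finding)
    return groups


def files_to_review(text: str) -> List[str]:
    """Paths of on-disk detections still present, in report order."""
    return [f.location for f in triage(text)["file"]
            if f.status == "Not disinfected"]


if __name__ == "__main__":
    groups = triage(SAMPLE)
    for kind, items in groups.items():
        print(f"{kind}: {len(items)}")
    for path in files_to_review(SAMPLE):
        print("review:", path)
```

Registry findings carry no key path in this report format, so they can only be counted here; the affected keys have to come from another tool's log.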

#9 talitha


Posted 06 May 2006 - 05:24 PM

Thanks for last post. Latest scan logs as follows.

Ewido:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 22:42:50, 05/05/2006
+ Report-Checksum: 25F5265E

+ Scan result:

:mozilla.6:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adviva : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup

--------------------------------------------------------------------------------------

Active Scan:


Incident Status Location

Adware:adware/ncase Not disinfected c:\temp\salm_kyf.dat
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/commad Not disinfected c:\program files\Network Monitor
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/atlas Not disinfected Windows Registry
Adware:adware/topconvert Not disinfected Windows Registry
Spyware:spyware/new.net Not disinfected Windows Registry
Spyware:spyware/dluca Not disinfected Windows Registry
Adware:adware/superbar Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Adware:adware/beginto Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Spyware:spyware/adclicker Not disinfected Windows Registry
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Dale\Cookies\dale@64.62.232[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dale\Cookies\dale@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dale\Cookies\dale@go[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dale\Cookies\dale@webpower[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dale\Cookies\dale@xiti[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/hc/LPplayersonly]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/hc/LPplayersonly]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.xmts.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adviva.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.winfixer.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.errorsafe.com/]
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[www.errorsafe.com/]
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.i.screensavers.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.888.com/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.offeroptimizer.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.rn11.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.pacificpoker.com/]
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[fe.lea.lycos.es/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.go.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@adtech[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@doubleclick[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@xmts[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\Cookies\liz@go[2].txt
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.frB625
----------------------------------------------------------------------------------------------------

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 23:19:47, on 06/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\windows\system32\Ati2evxx.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\windows\system32\fxssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Omsb] "C:\DOCUME~1\LIZ~1.HOM\APPLIC~1\ASEMBL~1\regsvr32.exe" -vt yazr
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120692058265
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...650/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{124450C8-2F0D-42DC-B297-856B07339448}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-----------------------------------------------

Cheers,
Talitha

#10 didom

Posted 07 May 2006 - 05:30 AM

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Please download Spybot Search & Destroy.

1. Install Spybot S&D, accepting the Default Settings

2. In the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.

3. Close ALL windows except Spybot S&D

4. Click the button to ‘Search for Updates’ then download and install the Updates.


Please download Ad-Aware SE.

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days

2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only

Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot

Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check and make Green: Include Module list in logfile


5. Click on ‘Proceed’ to save the settings.

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Open Spybot S&D.

1. Click the button ‘Check for Problems'

2. When Spybot is complete, it will be showing ‘RED’ entries, bold 'Black' entries and ‘GREEN’ entries in the window

3. Make certain there is a check mark beside all of the RED entries ONLY.

4. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.

5. REBOOT (IN SAFE MODE AGAIN) to complete the scan and clear memory.

Open Ad-Aware SE

1. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

2. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

3. If Ad-Aware SE finds bad entries in the registry or bad files, you will receive a list of what it found in the window

4. Save the log file when it asks and then click ‘finish’

5. REBOOT (IN NORMAL MODE) to complete the removal of what Ad-Aware SE found.

Step #2

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #3

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Step #4

Find and delete these files and folders (if they are still there):
c:\temp\salm_kyf.dat
c:\program files\Network Monitor
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log


Step #5

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Reboot your computer normally.

Step #6

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Start HijackThis, perform a new scan and save the log file.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.
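
As an added illustration (not part of the post above, and not code from any tool named in this thread), the Python below triages the flattened ActiveScan report format posted earlier into cookie, registry and file hits, so the few file locations that need hands-on attention stand out from the cookie noise. The sample rows are copied from the report in this thread; the function names, and the assumption that every row carries the status "Not disinfected", are mine.

```python
import re

# Rows copied from the Active Scan report posted earlier in this thread
# (columns: Incident, Status, Location, flattened to single spaces).
SAMPLE_REPORT = r"""
Incident Status Location

Adware:adware/ncase Not disinfected c:\temp\salm_kyf.dat
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/commad Not disinfected c:\program files\Network Monitor
Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Dale\Cookies\dale@64.62.232[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/hc/LPplayersonly]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/hc/LPplayersonly]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.atdmt.com/]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.frB625
"""

# "<Class>:<name> <status> <location>". Detection names may contain spaces
# ("Cookie/Atlas DMT"), so the status text is used as the column separator.
# Assumption: "Not disinfected" is the only status, as in the report above.
ROW = re.compile(
    r"^(?P<cls>[A-Za-z]+):(?P<name>.+?) (?P<status>Not disinfected) (?P<loc>.+)$"
)

# Firefox keeps all cookies in one cookies.txt; the report appends the
# offending entry as "[domain/path]" at the very end of the location.
COOKIE_ENTRY = re.compile(r"^(?P<path>.+)\[(?P<entry>[^\[\]]+)\]$")


def parse_report(text):
    """Return one dict per incident row; headers and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue
        location, entry = match.group("loc"), None
        suffix = COOKIE_ENTRY.match(location)
        if suffix:
            location, entry = suffix.group("path"), suffix.group("entry")
        rows.append({
            "class": match.group("cls"),
            "name": match.group("name"),
            "status": match.group("status"),
            "location": location,
            "entry": entry,
        })
    return rows


def triage(rows):
    """Group de-duplicated rows into 'file', 'registry' and 'cookie' buckets."""
    buckets = {"file": [], "registry": [], "cookie": []}
    seen = set()
    for row in rows:
        key = (row["name"].lower(), row["location"].lower(), row["entry"])
        if key in seen:  # the report repeats some rows verbatim
            continue
        seen.add(key)
        if row["name"].lower().startswith("cookie/"):
            kind = "cookie"
        elif row["location"].lower() == "windows registry":
            kind = "registry"
        else:
            kind = "file"
        buckets[kind].append(row)
    return buckets


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for kind in ("file", "registry", "cookie"):
        print(f"{kind}: {len(result[kind])} unique hit(s)")
        for row in result[kind]:
            print(f"  {row['name']} -> {row['location']}")
```
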

#11 talitha

Posted 10 May 2006 - 06:04 AM

Done as instructed. Log files as follows:

Adaware:


Ad-Aware SE Build 1.05
Logfile Created on:09 May 2006 22:39:34
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R106 02.05.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Adware.DollarRevenue(TAC index:3):12 total references
Adware.Yazzle(TAC index:7):2 total references
CmdServices(TAC index:4):6 total references
CoolWebSearch(TAC index:10):7 total references
DyFuCA(TAC index:3):7 total references
e2give(TAC index:7):2 total references
GetMirar(TAC index:8):19 total references
MediaMotor(TAC index:8):8 total references
SurfSideKickBHO(TAC index:7):1 total references
Targetsaver(TAC index:8):9 total references
Tracking Cookie(TAC index:3):10 total references
WebHancer(TAC index:9):23 total references
win32.Trojan.Dnschanger(TAC index:10):1 total references
Win32.Trojan.Downloader(TAC index:10):1 total references
VX2(TAC index:10):5 total references
Zango(TAC index:6):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


09-05-2006 22:39:34 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 136
ThreadCreationTime : 09-05-2006 21:36:51
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\windows\system32\
ProcessID : 188
ThreadCreationTime : 09-05-2006 21:37:01
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\windows\system32\
ProcessID : 212
ThreadCreationTime : 09-05-2006 21:37:03
BasePriority : High


#:4 [services.exe]
FilePath : C:\windows\system32\
ProcessID : 256
ThreadCreationTime : 09-05-2006 21:37:07
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\windows\system32\
ProcessID : 268
ThreadCreationTime : 09-05-2006 21:37:07
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\windows\system32\
ProcessID : 436
ThreadCreationTime : 09-05-2006 21:37:11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [savservice.exe]
FilePath : c:\Program Files\Sophos\Sophos Anti-Virus\
ProcessID : 528
ThreadCreationTime : 09-05-2006 21:37:14
BasePriority : Normal
FileVersion : 1.0.0.112
ProductVersion : 5.0.2
ProductName : Sophos Anti-Virus for Windows XP, 2000, 2003
CompanyName : Sophos plc
FileDescription : Performs virus scanning and disinfection functions
InternalName : Infrastructure.dll
LegalCopyright : Copyright © 1998-2005 Sophos Plc. All rights reserved.
OriginalFilename : Infrastructure.dll

#:8 [explorer.exe]
FilePath : C:\windows\
ProcessID : 712
ThreadCreationTime : 09-05-2006 21:37:30
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:9 [svchost.exe]
FilePath : C:\windows\system32\
ProcessID : 800
ThreadCreationTime : 09-05-2006 21:37:40
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [notepad.exe]
FilePath : C:\windows\system32\
ProcessID : 932
ThreadCreationTime : 09-05-2006 21:38:04
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE

#:11 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 956
ThreadCreationTime : 09-05-2006 21:38:11
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : liz@serving-sys[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:liz@serving-sys.com/
Expires : 31-12-2037 23:00:00
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : liz@adrevolver[3].txt
Category : Data Miner
Comment : Hits:12
Value : Cookie:liz@media.adrevolver.com/adrevolver/
Expires : 02-02-2009 10:11:32
LastSync : Hits:12
UseCount : 0
Hits : 12

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : liz@sel.as-us.falkag[1].txt
Category : Data Miner
Comment : Hits:1
Value : Cookie:liz@sel.as-us.falkag.net/
Expires : 07-06-2006 13:32:38
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : liz@questionmarket[1].txt
Category : Data Miner
Comment : Hits:2
Value : Cookie:liz@questionmarket.com/
Expires : 27-06-2007 15:58:22
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : liz@as-us.falkag[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:liz@as-us.falkag.net/
Expires : 07-06-2006 13:32:38
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : liz@adrevolver[2].txt
Category : Data Miner
Comment : Hits:7
Value : Cookie:liz@adrevolver.com/
Expires : 09-05-2007 15:11:34
LastSync : Hits:7
UseCount : 0
Hits : 7

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : liz@adtech[2].txt
Category : Data Miner
Comment : Hits:6
Value : Cookie:liz@adtech.de/
Expires : 03-05-2016 14:03:40
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : liz@bluestreak[1].txt
Category : Data Miner
Comment : Hits:3
Value : Cookie:liz@bluestreak.com/
Expires : 03-05-2016 20:03:58
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : liz@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@revenue[2].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : dale@real[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Dale\Cookies\dale@real[1].txt

GetMirar Object Recognized!
Type : File
Data : A0221748.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP800\
FileVersion : 1, 87, 60, 29
ProductVersion : 1, 87, 60, 29
ProductName : Mirar Downloader Setup
CompanyName : Mirar
LegalCopyright : Copyright ? 2006


Zango Object Recognized!
Type : File
Data : A0223044.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


WebHancer Object Recognized!
Type : File
Data : A0223058.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whSurvey.exe


DyFuCA Object Recognized!
Type : File
Data : A0223062.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


WebHancer Object Recognized!
Type : File
Data : A0223064.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whAgent.exe


Zango Object Recognized!
Type : File
Data : A0223142.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


WebHancer Object Recognized!
Type : File
Data : A0223143.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\



WebHancer Object Recognized!
Type : File
Data : A0223147.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : A0223149.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whSurvey.exe


GetMirar Object Recognized!
Type : File
Data : A0223150.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 1, 87, 60, 29
ProductVersion : 1, 87, 60, 29
ProductName : Mirar Downloader Setup
CompanyName : Mirar
LegalCopyright : Copyright ? 2006


MediaMotor Object Recognized!
Type : File
Data : A0223155.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\



WebHancer Object Recognized!
Type : File
Data : A0224132.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whAgent.exe


DyFuCA Object Recognized!
Type : File
Data : A0224149.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


CmdServices Object Recognized!
Type : File
Data : A0224204.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\



win32.Trojan.Dnschanger Object Recognized!
Type : File
Data : A0224205.exe
Category : Monitoring Tool
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\



e2give Object Recognized!
Type : File
Data : A0224206.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : e2g plugin
CompanyName : e2give, LLC
FileDescription : http://e2give.com/license.html
InternalName : IeBHOs.dll
LegalCopyright : Copyright © 2003 e2give, LLC
OriginalFilename : IeBHOs.dll
Comments : e2g plugin


MediaMotor Object Recognized!
Type : File
Data : A0224212.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\



GetMirar Object Recognized!
Type : File
Data : A0224213.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 1, 87, 60, 29
ProductVersion : 1, 87, 60, 29
ProductName : Mirar Downloader Setup
CompanyName : Mirar
LegalCopyright : Copyright ? 2006


MediaMotor Object Recognized!
Type : File
Data : A0224214.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\



Zango Object Recognized!
Type : File
Data : A0224215.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


WebHancer Object Recognized!
Type : File
Data : A0224216.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\



GetMirar Object Recognized!
Type : File
Data : A0224217.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NN_Bar_Dummy Module
FileDescription : NN_Bar_Dummy Module
InternalName : NN_Bar_Dummy
LegalCopyright : Copyright 2004
OriginalFilename : NN_Bar_Dummy.DLL


GetMirar Object Recognized!
Type : File
Data : A0224218.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 0, 0, 5, 7
ProductVersion : 0, 0, 5, 7
ProductName : NN_Bar Module
FileDescription : NN_Bar Module
InternalName : NN_Bar
LegalCopyright : Copyright 2003
OriginalFilename : NN_Bar.DLL


CmdServices Object Recognized!
Type : File
Data : A0224229.dll
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 2.1.3.466
ProductVersion : 1.0.0.0


CmdServices Object Recognized!
Type : File
Data : A0224243.dll
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\



e2give Object Recognized!
Type : File
Data : A0224244.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\



WebHancer Object Recognized!
Type : File
Data : A0225227.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whAgent.exe


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0225261.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP809\
FileVersion : 1.00.0229
ProductVersion : 1.00.0229
ProductName : Project1
CompanyName : mudes
InternalName : Project1
OriginalFilename : Project1.exe


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0225262.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP809\
FileVersion : 1.00.0072
ProductVersion : 1.00.0072
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : Project1
OriginalFilename : Project1.exe


WebHancer Object Recognized!
Type : File
Data : A0225291.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP809\



GetMirar Object Recognized!
Type : File
Data : A0225295.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP809\
FileVersion : 1, 87, 60, 29
ProductVersion : 1, 87, 60, 29
ProductName : Mirar Downloader Setup
CompanyName : Mirar
LegalCopyright : Copyright ? 2006


Zango Object Recognized!
Type : File
Data : A0225297.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP809\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


CmdServices Object Recognized!
Type : File
Data : A0226292.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP809\



GetMirar Object Recognized!
Type : File
Data : A0226338.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP810\
FileVersion : 0, 0, 5, 7
ProductVersion : 0, 0, 5, 7
ProductName : NN_Bar Module
FileDescription : NN_Bar Module
InternalName : NN_Bar
LegalCopyright : Copyright 2003
OriginalFilename : NN_Bar.DLL


GetMirar Object Recognized!
Type : File
Data : A0226339.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP810\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : NN_Bar_Dummy Module
FileDescription : NN_Bar_Dummy Module
InternalName : NN_Bar_Dummy
LegalCopyright : Copyright 2004
OriginalFilename : NN_Bar_Dummy.DLL


WebHancer Object Recognized!
Type : File
Data : A0226345.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP811\



WebHancer Object Recognized!
Type : File
Data : A0226349.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP811\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : A0226351.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP811\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whSurvey.exe


GetMirar Object Recognized!
Type : File
Data : A0226355.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP811\
FileVersion : 1, 87, 60, 29
ProductVersion : 1, 87, 60, 29
ProductName : Mirar Downloader Setup
CompanyName : Mirar
LegalCopyright : Copyright ? 2006


Zango Object Recognized!
Type : File
Data : A0226358.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP811\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0228395.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP814\
FileVersion : 1.00.0229
ProductVersion : 1.00.0229
ProductName : Project1
CompanyName : mudes
InternalName : Project1
OriginalFilename : Project1.exe


GetMirar Object Recognized!
Type : File
Data : A0228399.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP814\
FileVersion : 1, 87, 60, 29
ProductVersion : 1, 87, 60, 29
ProductName : Mirar Downloader Setup
CompanyName : Mirar
LegalCopyright : Copyright ? 2006


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0228400.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP814\
FileVersion : 1.00.0072
ProductVersion : 1.00.0072
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : Project1
OriginalFilename : Project1.exe


WebHancer Object Recognized!
Type : File
Data : A0230023.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : A0230025.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whSurvey.exe


DyFuCA Object Recognized!
Type : File
Data : A0230036.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


WebHancer Object Recognized!
Type : File
Data : A0230040.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\
FileVersion : 3.8.1
ProductVersion : 3.8.1
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Winsock2 SPI
InternalName : webhdll
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : webhdll.dll


CoolWebSearch Object Recognized!
Type : File
Data : A0230516.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\



CoolWebSearch Object Recognized!
Type : File
Data : A0230987.exe
Category : Malware
Comment : Look2Me
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\



MediaMotor Object Recognized!
Type : File
Data : A0232502.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\



SurfSideKickBHO Object Recognized!
Type : File
Data : A0232503.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\



Zango Object Recognized!
Type : File
Data : A0232504.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


MediaMotor Object Recognized!
Type : File
Data : A0232505.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\



WebHancer Object Recognized!
Type : File
Data : A0232506.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\



CoolWebSearch Object Recognized!
Type : File
Data : A0232507.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\



Targetsaver Object Recognized!
Type : File
Data : A0232508.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP818\



VX2 Object Recognized!
Type : File
Data : A0233463.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\



CoolWebSearch Object Recognized!
Type : File
Data : A0233482.exe
Category : Malware
Comment : Look2Me
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\



WebHancer Object Recognized!
Type : File
Data : A0233488.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\



Targetsaver Object Recognized!
Type : File
Data : A0233491.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\



Targetsaver Object Recognized!
Type : File
Data : A0233492.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\
FileVersion : 4.0.4.0
ProductVersion : 4.0.4.0
LegalCopyright : Copyright © 2005


Targetsaver Object Recognized!
Type : File
Data : A0233493.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright © 2005


Targetsaver Object Recognized!
Type : File
Data : A0233494.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright © 2005


Targetsaver Object Recognized!
Type : File
Data : A0233495.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright © 2005


Adware.Yazzle Object Recognized!
Type : File
Data : A0233499.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\
FileVersion : 1.01
ProductVersion : 1.01
ProductName : Yazzle Snowball Wars
CompanyName : Yazzle
InternalName : SnowballWars
OriginalFilename : SnowballWars.exe


Targetsaver Object Recognized!
Type : File
Data : A0233501.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright © 2005


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0233647.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP819\
FileVersion : 1.00.0229
ProductVersion : 1.00.0229
ProductName : Project1
CompanyName : mudes
InternalName : Project1
OriginalFilename : Project1.exe


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0233746.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 1.00.0229
ProductVersion : 1.00.0229
ProductName : Project1
CompanyName : mudes
InternalName : Project1
OriginalFilename : Project1.exe


GetMirar Object Recognized!
Type : File
Data : A0233750.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 1, 87, 60, 29
ProductVersion : 1, 87, 60, 29
ProductName : Mirar Downloader Setup
CompanyName : Mirar
LegalCopyright : Copyright ? 2006


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0233751.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 1.00.0072
ProductVersion : 1.00.0072
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : Project1
OriginalFilename : Project1.exe


WebHancer Object Recognized!
Type : File
Data : A0233844.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Customer Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Customer Companion
InternalName : whAgent
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whAgent.exe


WebHancer Object Recognized!
Type : File
Data : A0233846.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 3.5.1
ProductVersion : 3.5.1
ProductName : webHancer Survey Companion
CompanyName : webHancer Corporation
FileDescription : webHancer Survey Companion
InternalName : whSurvey
LegalCopyright : Copyright © 1999-2005 webHancer Corporation
OriginalFilename : whSurvey.exe


DyFuCA Object Recognized!
Type : File
Data : A0233857.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


MediaMotor Object Recognized!
Type : File
Data : A0233885.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\



Zango Object Recognized!
Type : File
Data : A0233886.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 1.00
ProductVersion : 1.00
ProductName : Project1
CompanyName : df
InternalName : unstall
OriginalFilename : unstall.exe


MediaMotor Object Recognized!
Type : File
Data : A0233887.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\



WebHancer Object Recognized!
Type : File
Data : A0233888.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\



Targetsaver Object Recognized!
Type : File
Data : A0234356.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright © 2005


Targetsaver Object Recognized!
Type : File
Data : A0234357.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 4, 0, 4, 0
ProductVersion : 4, 0, 4, 0
LegalCopyright : Copyright © 2005


GetMirar Object Recognized!
Type : File
Data : A0234496.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 1, 87, 60, 29
ProductVersion : 1, 87, 60, 29
ProductName : Mirar Downloader Setup
CompanyName : Mirar
LegalCopyright : Copyright ? 2006


CmdServices Object Recognized!
Type : File
Data : A0234502.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\



Adware.DollarRevenue Object Recognized!
Type : File
Data : A0234672.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 1.00.0229
ProductVersion : 1.00.0229
ProductName : Project1
CompanyName : mudes
InternalName : Project1
OriginalFilename : Project1.exe


Adware.DollarRevenue Object Recognized!
Type : File
Data : A0234673.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP820\
FileVersion : 1.00.0072
ProductVersion : 1.00.0072
ProductName : Project1
CompanyName : ÄÂÃÌÀ
InternalName : Project1
OriginalFilename : Project1.exe


GetMirar Object Recognized!
Type : File
Data : A0235676.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP825\
FileVersion : 1, 87, 60, 29
ProductVersion : 1, 87, 60, 29
ProductName : Mirar Downloader Setup
CompanyName : Mirar
LegalCopyright : Copyright ? 2006


Zango Object Recognized!
Type : File
Data : A0235677.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP825\
FileVersion : 1.00

#12 didom

didom


Posted 10 May 2006 - 08:59 AM

I only need the Panda Activescan report and a fresh HijackThis log :thumbsup:

#13 talitha

talitha
  • Topic Starter


Posted 10 May 2006 - 12:35 PM

Guess I ran out of room with all the logs!! I saved the logs.

Active scan:


Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/ncase Not disinfected c:\windows\msbb.exe.temp
Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/dluca Not disinfected Windows Registry
Adware:adware/superbar Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Adware:adware/beginto Not disinfected Windows Registry
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Dale\Cookies\dale@64.62.232[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dale\Cookies\dale@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dale\Cookies\dale@go[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dale\Cookies\dale@webpower[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dale\Cookies\dale@xiti[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/hc/LPplayersonly]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Application Data\Mozilla\Firefox\Profiles\evdney5q.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@atdmt[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@doubleclick[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Cookies\liz@questionmarket[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\Cookies\liz@go[2].txt
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.frB625
---------------------------------------------------------------------------------------------------------------------


HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 11:59:30, on 10/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\windows\system32\fxssvc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Omsb] "C:\DOCUME~1\LIZ~1.HOM\APPLIC~1\ASEMBL~1\regsvr32.exe" -vt yazr
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120692058265
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://E:\SuperCD\IntraLaunch.CAB
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} - http://register.btinternet.com/templates/btwebcontrol023.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...650/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{124450C8-2F0D-42DC-B297-856B07339448}: NameServer = 62.24.128.18 62.24.128.17
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\System32\nvsvc32.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------------------------------------------------------------------

Many thanks,
Talitha

#14 didom

didom


Posted 10 May 2006 - 01:30 PM

Does this IP look familiar: 62.24.128.17

Opal Telecommunications Plc
Northbank Industrial Estate
Irlam
Manchester


--------------------------------

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order in which they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Step #1

Click Start > Run, type in CMD and tap Enter. Type the following into the command prompt:

sc stop mousehs

Hit 'enter' and type the following:

sc delete mousehs

At the command prompt: type exit.

Step #2

Scan again with HijackThis and check the following items:
O4 - HKCU\..\Run: [Omsb] "C:\DOCUME~1\LIZ~1.HOM\APPLIC~1\ASEMBL~1\regsvr32.exe" -vt yazr

O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\windows\System32\mousehs.exe (file missing)

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Step #3

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide file extensions for known types option.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.

Step #4

Reboot Your System in Safe Mode:
  • Restart the computer.
  • As soon as BIOS is loaded begin tapping the F8 key until the Advanced Options menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #5

Find and delete these files and folders (if they are still there):
c:\windows\msbb.exe.temp <= this file
C:\windows\System32\mousehs.exe <= this file
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log <= this file


Step #6

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
Reboot your computer normally.

Step #7

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Please run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
  • In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
  • When you get the Windows dialog asking if you want to install this software, click the "Install" button.
  • When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
  • Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
  • Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.

Start HijackThis and perform a new scan.

Use the Add Reply button to post your new logs back here along with details of any problems you encountered performing the above steps and I will review it when it comes in.

#15 talitha

talitha
  • Topic Starter


Posted 21 May 2006 - 12:08 PM

Sorry for the delay - been very busy at work and not had time to do the scans. Here are the logs you asked for:

ACTIVE SCAN:

Incident Status Location

Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/dollarrevenue Not disinfected c:\windows\keyboard101.dat
Adware:adware/ncase Not disinfected c:\temp\FLEOK
Adware:adware/wupd Not disinfected Windows Registry
Spyware:spyware/dluca Not disinfected Windows Registry
Adware:adware/superbar Not disinfected Windows Registry
Adware:adware/exact.bargainbuddy Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Adware:adware/beginto Not disinfected Windows Registry
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Dale\Cookies\dale@64.62.232[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dale\Cookies\dale@atwola[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dale\Cookies\dale@go[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Dale\Cookies\dale@webpower[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Dale\Cookies\dale@xiti[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\Cookies\liz@go[2].txt
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\temp.frB625
------------------------------------------------------------------------------------------------------------------------

KAVSCAN:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, May 11, 2006 8:33:25 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 11/05/2006
Kaspersky Anti-Virus database records: 192918
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 149161
Number of viruses found: 45
Number of infected objects: 308
Number of suspicious objects: 0
Duration of the scan process: 01:45:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Desktop\dale\Backup1\dvdsetup.exe/WISE0010.BIN/WISE0042.BIN Infected: not-a-virus:AdWare.Win32.AmBar.2159 skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Desktop\dale\Backup1\dvdsetup.exe/WISE0010.BIN Infected: not-a-virus:AdWare.Win32.AmBar.2159 skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Desktop\dale\Backup1\dvdsetup.exe WiseSFX: infected - 2 skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Desktop\dale\Backup1\dvdsetup.exe WiseSFX Dropper: infected - 2 skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0002/stream/data0001 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0002/stream/data0003 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0002/stream/data0004 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar.e skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0002/stream Infected: not-a-virus:AdWare.Win32.GigatechSuperBar.e skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0002 Infected: not-a-virus:AdWare.Win32.GigatechSuperBar.e skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0003/data0134 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0005/stream/data0001 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0005/stream/data0002 Infected: Trojan-Downloader.Win32.Agent.cf skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0005/stream/data0003 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0005/stream Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0005 Infected: not-a-virus:AdWare.Win32.Connector skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe/data0006 Infected: not-a-virus:AdWare.Win32.180Solutions skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\948 KB.exe NSIS: infected - 13 skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\nnclx485.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.d skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\uA8.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.an skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\WPRE.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Documents and Settings\Liz.HOME-2TZUV2YV02\Local Settings\Temp\WPRE.exe NSIS: infected - 1 skipped
C:\Program Files\Common Files\Yazzle1119OinAdmin.exe Infected: Trojan.Win32.Scapur.k skipped
C:\Program Files\Snowball Wars\SnowballWars.exe Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP759\A0212688.exe Infected: not-a-virus:Dialer.Win32.gen skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP800\A0221697.exe/mmxxxxmas2.exe Infected: Trojan-Downloader.Win32.VB.jl skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP800\A0221697.exe/themasterz.exe Infected: Trojan-Clicker.Win32.Small.hh skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP800\A0221697.exe/vipz.exe Infected: Trojan-Downloader.Win32.Adload.ab skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP800\A0221697.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP803\A0222855.exe/mmxxxxmas2.exe Infected: Trojan-Downloader.Win32.VB.jl skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP803\A0222855.exe/themasterz.exe Infected: Trojan-Clicker.Win32.Small.hh skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP803\A0222855.exe/vipz.exe Infected: Trojan-Downloader.Win32.Adload.ab skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP803\A0222855.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP804\A0222876.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP804\A0222877.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP804\A0222999.exe/mmxxxxmas2.exe Infected: Trojan-Downloader.Win32.VB.jl skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP804\A0222999.exe/themasterz.exe Infected: Trojan-Clicker.Win32.Small.hh skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP804\A0222999.exe/vipz.exe Infected: Trojan-Downloader.Win32.Adload.ab skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP804\A0222999.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\A0223043.exe/mmxxxxmas2.exe Infected: Trojan-Downloader.Win32.VB.jl skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\A0223043.exe/themasterz.exe Infected: Trojan-Clicker.Win32.Small.hh skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\A0223043.exe/vipz.exe Infected: Trojan-Downloader.Win32.Adload.ab skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\A0223043.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\A0223055.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\A0223057.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\A0223060.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\A0223068.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP805\A0223108.exe Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223139.exe/mmxxxxmas2.exe Infected: Trojan-Downloader.Win32.VB.jl skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223139.exe/themasterz.exe Infected: Trojan-Clicker.Win32.Small.hh skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223139.exe/vipz.exe Infected: Trojan-Downloader.Win32.Adload.ab skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223139.exe CAB: infected - 3 skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223148.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223152.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223153.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223154.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223154.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0223156.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0224133.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0224144.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{2E23F5C0-040F-4869-B216-725FC25CCEFB}\RP808\A0224145.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped

Scan process completed.
-------------------------------------------------------------------------------------------------------------

Latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 18:05:35, on 21/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\windows\system32\fxssvc.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\SAGEM\TalkTalk Broadband\dslmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HJT\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - H



