Pop Ups When Starting Ie



#1 foxb


Posted 29 April 2006 - 01:22 PM

Hi,

The system is W2k SP4 + latest updates.
MS Antispyware
Spybot
SpywareBlaster
McAfee VirusScan 7.0 Ent

There are popups when IE is started.

Following instructions, I ran Trend Micro. It detected 2 grayware items; 1 was removed. I forgot to note the names.

Panda crashes IE when starting

BitDefender reports

Trojan.downloader.Istbar.ER
Trojan downloader.3747.A

Cannot remove
Location adlinstallwin32.exe

I ran fxinstbat.exe 1.1.0 from Symantec - nothing found
---------------------------
Hijackthis LOG
-------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:13:14, on 29/04/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cpqalert.exe
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\System32\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\FICHIE~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SDWin32 Class - {C157F60A-B375-473E-9D8D-93D7C4D0804E} - C:\WINNT\System32\cgwiy.dll
O2 - BHO: (no name) - {} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\FICHIE~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [htivyad] C:\WINNT\system32\htivyad.exe
O4 - HKLM\..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136556866125
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A273E5A5-2543-4DD7-B9FA-B0ED92DBD24D}: NameServer = 192.168.1.222
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\System32\cpqalert.exe
O23 - Service: CPQDMI - Compaq Computer Corporation - C:\WINNT\System32\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (CpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: Win32sl - Intel - c:\dmi\win32\bin\Win32sl.exe

Edited by foxb, 29 April 2006 - 01:24 PM.




#2 Thunder


Posted 29 April 2006 - 03:47 PM

Hello foxb,

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.

Please disable the Microsoft Anti-Spyware real-time protection, since it might interfere with the fix:
  • Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye).
  • Click on Security Agents Status.
  • Click on Disable real-time protection.
  • Next, open Microsoft Anti-Spyware.
  • Click on the Options menu, then Settings.
  • Select Real Time Protection from the left column.
  • Uncheck Enable (MSAS) Security Agents and Enable real-time spyware threat protection.
  • Click the Save button.
  • Finally, right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.
You can re-enable it once your system is clean.


1. Download and install CCleaner - Basic
Do not use the program at this time.

2. Please download, install, and update the NEW free version of Ewido anti-malware:
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Close ewido. DO NOT RUN IT YET.
3. Reconfigure Windows XP to show hidden files:
  • Click Start. Open My Computer.
  • Select the Tools menu and click Folder Options. Select the View Tab.
  • Under the Hidden files and folders heading select "Show hidden files and folders".
  • Uncheck the Hide protected operating system files (recommended) option.
  • Uncheck the Hide file extensions for known file types option.
  • Click Yes to confirm. Click OK.

4. Boot into safe mode:
Restart your computer and as soon as it starts booting up again continuously tap F8.
A menu should come up where you will be given the option to enter Safe Mode.

5. Run HijackThis and check these entries, if still present:
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: SDWin32 Class - {C157F60A-B375-473E-9D8D-93D7C4D0804E} - C:\WINNT\System32\cgwiy.dll
O2 - BHO: (no name) - {} - (no file)
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [htivyad] C:\WINNT\system32\htivyad.exe

Close all open windows, EXCEPT HijackThis and click Fix Checked. Close HijackThis.

6. Go to Windows Explorer, find and if still present delete these files/folders (in bold):
C:\WINDOWS\System32\cgwiy.dll
c:\installer\id53.exe
C:\WINNT\system32\htivyad.exe

7. Run CCleaner, click the Windows tab and select the following:
Internet Explorer:
  • Temp Internet
  • History
  • Recently Typed URLs
  • Delete Index.dat files
System:
  • Empty Recycle Bin
  • Temporary Files
  • Memory Dumps
  • Chkdsk File Fragments
  • Old Prefetch Data
Next: click Options, click the Settings tab
Uncheck: "Only delete files older than 48 hrs.", click OK
Then click Run Cleaner (bottom right), then Exit

8. Restart your computer in normal mode

9. Please post a new HijackThis log, as well as the ewido log.

You can run Bitdefender once more to check if anything suspicious is left.
Greetings,
BMThor

Edited by BMThor, 29 April 2006 - 03:48 PM.

Whatever happens, make believe it was intended to ...
-----------------------------------------------------------------------
Posted Image - If I have helped you in any way, please consider a donation to help me continue the fight against malware.
-----------------------------------------------------------------------
Stand Up & Be Counted --> Posted Image <-- And make a difference

#3 foxb


Posted 30 April 2006 - 08:39 PM

Thank you for the response.

I followed instructions.

My logs:

Logfile of HijackThis v1.99.1
Scan saved at 20:13:14, on 30/04/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cpqalert.exe
C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\hidserv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
c:\dmi\win32\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\cpqdmi.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINNT\system32\CHKADMIN.EXE
C:\WINNT\system32\Promon.exe
C:\WINNT\System32\qttask.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\FICHIE~1\Real\Toolbar\realbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\FICHIE~1\Real\Toolbar\realbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CHKADMIN] CHKADMIN.EXE
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1136556866125
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A273E5A5-2543-4DD7-B9FA-B0ED92DBD24D}: NameServer = 192.168.1.222
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\WINNT\System32\cpqalert.exe
O23 - Service: CPQDMI - Compaq Computer Corporation - C:\WINNT\System32\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (CpqWebDmi) - Compaq Computer Corporation - C:\Program Files\COMPAQ\CpqWebDMI\webdmi.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP Pro 3\Tools\NMSAccess.exe
O23 - Service: Win32sl - Intel - c:\dmi\win32\bin\Win32sl.exe

---------------------------------------------------------
ewido anti-malware - Rapport de scan
---------------------------------------------------------

+ Créé le: 20:57:25, 30/04/2006
+ Somme de contrôle: 87D7664A

+ Résultats du scan:

HKLM\SOFTWARE\Classes\Applications\STC.exe -> Adware.SecondThought : Nettoyer et sauvegarder
HKLM\SOFTWARE\Classes\Applications\STC.exe\shell -> Adware.SecondThought : Nettoyer et sauvegarder
:mozilla.87:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Revenue : Nettoyer et sauvegarder
:mozilla.120:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Onestat : Nettoyer et sauvegarder
:mozilla.121:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Onestat : Nettoyer et sauvegarder
:mozilla.150:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Adserver : Nettoyer et sauvegarder
:mozilla.161:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.162:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.163:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyer et sauvegarder
:mozilla.291:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder
:mozilla.292:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder
:mozilla.293:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder
:mozilla.297:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyer et sauvegarder
:mozilla.300:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.301:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
:mozilla.305:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.307:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.308:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.313:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.314:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
:mozilla.320:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.321:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
:mozilla.322:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.324:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.330:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.331:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
:mozilla.333:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.337:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyer et sauvegarder
:mozilla.351:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Casinotropez : Nettoyer et sauvegarder
:mozilla.408:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.409:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyer et sauvegarder
:mozilla.451:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.460:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
:mozilla.475:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.476:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Comclick : Nettoyer et sauvegarder
:mozilla.503:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Com : Nettoyer et sauvegarder
:mozilla.504:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Com : Nettoyer et sauvegarder
:mozilla.519:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Centrport : Nettoyer et sauvegarder
:mozilla.520:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Centrport : Nettoyer et sauvegarder
:mozilla.530:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
:mozilla.534:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyer et sauvegarder
:mozilla.549:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyer et sauvegarder
:mozilla.553:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.554:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.556:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.562:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Adtech : Nettoyer et sauvegarder
:mozilla.569:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.581:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Pointroll : Nettoyer et sauvegarder
:mozilla.587:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.588:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.589:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.590:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.591:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.592:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.593:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.594:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.595:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.596:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.602:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.603:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.604:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.605:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.2o7 : Nettoyer et sauvegarder
:mozilla.612:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.613:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.614:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.615:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
:mozilla.616:C:\Documents and Settings\FraGil\Application Data\Mozilla\Firefox\Profiles\4pgj7x5s.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@burstnet[2].txt -> TrackingCookie.Burstnet : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@com[2].txt -> TrackingCookie.Com : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@estat[1].txt -> TrackingCookie.Estat : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@starware[2].txt -> TrackingCookie.Starware : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@tacoda[2].txt -> TrackingCookie.Tacoda : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@weborama[1].txt -> TrackingCookie.Weborama : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@webstat[2].txt -> TrackingCookie.Web-stat : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Nettoyer et sauvegarder
C:\Documents and Settings\FraGil\Cookies\fragil@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Nettoyer et sauvegarder


::Fin du rapport

I ran BitDefender; it reports the same infections.
Note: CCleaner did not erase temp files for the other user, and this file is there.

I'll run the scan one more time, and if there is something I'll post it here.

Thank you one more time.

Edited by foxb, 30 April 2006 - 08:39 PM.
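
A way to check the result of step 5 mechanically, added here as an example and not part of the thread: the script parses trimmed excerpts of the two HijackThis logs above, confirms that the five entries on the fix list are gone, and lists entries that point at a missing file or carry a malformed CLSID. The function names and the exact-string comparison are assumptions of this example, not HijackThis features.

```python
import re

# Trimmed excerpts of the two HijackThis logs posted in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 14:13:14, on 29/04/2006
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SDWin32 Class - {C157F60A-B375-473E-9D8D-93D7C4D0804E} - C:\WINNT\System32\cgwiy.dll
O2 - BHO: (no name) - {} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [htivyad] C:\WINNT\system32\htivyad.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 20:13:14, on 30/04/2006
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\WINNT\System32\qttask.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""

# The entries the helper asked to check in step 5.
FIX_LIST = r"""
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: SDWin32 Class - {C157F60A-B375-473E-9D8D-93D7C4D0804E} - C:\WINNT\System32\cgwiy.dll
O2 - BHO: (no name) - {} - (no file)
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [htivyad] C:\WINNT\system32\htivyad.exe
"""

# Entry lines look like "O4 - ..." or "R0 - ..."; process paths and headers do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text):
    """Return the set of (section code, body) entries in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return sorted(b - a), sorted(a - b)


def verify_fix(fix_list, before, after):
    """Map each fix-list entry to its status in the follow-up log (exact match)."""
    b, a = parse_entries(before), parse_entries(after)
    status = {}
    for entry in sorted(parse_entries(fix_list)):
        if entry in a:
            status[entry] = "still present"
        elif entry in b:
            status[entry] = "removed"
        else:
            status[entry] = "not in first log"
    return status


def orphaned(entries):
    """Entries whose target file is reported missing, or O2 lines without a valid CLSID.

    Orphaned means stale, not necessarily malicious (see the O9 uninstaller leftover).
    """
    found = []
    for code, body in sorted(entries):
        missing = body.endswith("(no file)") or body.endswith("(file missing)")
        bad_clsid = code == "O2" and not GUID_RE.search(body)
        if missing or bad_clsid:
            found.append((code, body))
    return found


if __name__ == "__main__":
    for entry, state in verify_fix(FIX_LIST, BEFORE, AFTER).items():
        print(f"{state:16} {entry[0]} - {entry[1]}")
    removed, added = diff_logs(BEFORE, AFTER)
    print("new since first scan:", added)
    print("orphaned in follow-up:", orphaned(parse_entries(AFTER)))
```

Entries that appear only in the follow-up log deserve the same look as the ones that were removed; here the only new one is the ewido service installed in step 2.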


#4 Thunder


Posted 01 May 2006 - 05:45 AM

You're very welcome foxb, :thumbsup:

Does the other profile have admin rights?
If not, maybe you can change that for the duration of the fix?

If problems with removal persist, you can post a HijackThis log made from the other profile. :flowers:

Greetings,
BMThor

#5 foxb


Posted 01 May 2006 - 10:53 AM

Hi

The other profile is a restricted user.

I made it in hope to stop spyware installation.

For now everything looks OK.

When should I run ewido (I run it after removal from normal boot)?

Thank you :thumbsup:

#6 Thunder


Posted 01 May 2006 - 03:55 PM

Hello foxb,

You can run ewido in normal mode, no problem.

However if an infection is suspected,
it's sometimes easier to get rid of the malware files if they're not loaded on Windows startup,
hence starting up in safe mode.

Greetings,
BMThor



