Infected Computer...lots Of Pop-ups


  • This topic is locked
7 replies to this topic

#1 PanakAttack

PanakAttack

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 28 May 2006 - 11:21 PM

Pop-ups keep coming up every couple of minutes...computer also shuts down on its own when running some programs.

Logfile of HijackThis v1.99.1
Scan saved at 12:13:24 AM, on 5/29/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\command.exe
C:\WINNT\regsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\hulgipu.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\winnt\system32\pldsrego.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\hulgipuA.exe
C:\WINNT\System32\rundll32.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\sys101146339359.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINNT\System32\SSEMBL~1\spoolsv.exe
C:\Program Files\??mantec\??oolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lexmark X5100 Series\AWDCXC32.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joe III\Desktop\Spyware Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\miqsr.exe
F2 - REG:system.ini: UserInit=userinit.exe,wexwcte.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\Update\WToolsA.exe update
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [{3C-C0-01-1F-ZN}] C:\winnt\system32\pldsrego.exe GID003
O4 - HKLM\..\Run: [hulgipuA] C:\WINNT\hulgipuA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [w37deac3.dll] RUNDLL32.EXE w37deac3.dll,I2 0010ed82037deac3
O4 - HKLM\..\Run: [sys101146339359] C:\WINNT\sys101146339359.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\System32\rwinmqez.exe GID003
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Odno] "C:\WINNT\System32\SSEMBL~1\spoolsv.exe" -vt yazr
O4 - HKCU\..\Run: [Hbwojdhm] C:\Program Files\??mantec\??oolsv.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\rwinmqez.exe
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Setup - C:\WINNT\system32\m8rm0i91e8.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\command.exe
O23 - Service: RemoteRegBck - Unknown owner - C:\WINNT\regsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINNT\hulgipu.exe



#2 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 30 May 2006 - 09:13 AM

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Please read this post completely before beginning. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * *


  • Download and run - bfu.zip
  • Checkmark the following boxes:
    • Use settings specified in script for the above option
    • Show log after script ends
  • Click the Web button located on the top right corner
  • Copy/Paste this url into the address bar of the Download script window:

    http://metallica.geekstogo.com/alcanshorty.bfu

  • Execute the script by clicking the Execute button.
  • When it finishes running, click the Save button for a copy of the log
  • Post the log created by the script when you have completed the fix

* * * * * *


Download this file - Combofix.zip
From within it, double click on combo.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Download and install Ewido Security Suite
  • When installing, under "Additional Options",
    • uncheck - Install background guard
  • Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido

Download LSPFix.exe
Instructions for using LSPFix
  • Double click on LSPFix.exe to run it.
  • Once running, you will be required to tick the disclaimer - "I know what I'm doing".
  • You'll find a window with 2 panes.
    In the left pane which is labeled 'Keep', select all instances of this file:
    • newdotnet.dll
  • Then click on the arrow pointing to the right, >>.
    This will move the entry to the right pane labeled 'Remove'
  • Click the Finish button to complete the fix.
Only entries similar to newdotnet.dll need to be removed. If you see any other entries in the right pane, move them back to the "Keep" pane & post the filenames to inform me.

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.
It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.


* * * * * * DISABLING SERVICES * * * * * * * * * * * * * * * * *


Click Start -> Run - type SERVICES.MSC & then click on the OK button
  • Locate the service - RemoteRegBck
  • Double-click on it to open the Properties dialog.
    - Change the Startup type to Disabled & then click on the Apply button
    - Stop the service by using the Stop button.
  • Then start HiJackThis & go to Config... -> Misc.Tools -> Delete an NT service
  • In the popup box that appears, copy/paste RemoteRegBck
  • Click on the OK button & answer No if prompted to reboot

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\Update\WToolsA.exe update
O4 - HKLM\..\Run: [keyboard] C:\\keyboard23.exe
O4 - HKLM\..\Run: [newname] C:\\newname23.exe
O4 - HKLM\..\Run: [{3C-C0-01-1F-ZN}] C:\winnt\system32\pldsrego.exe GID003
O4 - HKLM\..\Run: [hulgipuA] C:\WINNT\hulgipuA.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINNT\SYSC00.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [w37deac3.dll] RUNDLL32.EXE w37deac3.dll,I2 0010ed82037deac3
O4 - HKLM\..\Run: [sys101146339359] C:\WINNT\sys101146339359.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINNT\System32\rwinmqez.exe GID003
O4 - HKCU\..\Run: [Odno] "C:\WINNT\System32\SSEMBL~1\spoolsv.exe" -vt yazr
O4 - HKCU\..\Run: [Hbwojdhm] C:\Program Files\??mantec\??oolsv.exe
O4 - Startup: Zeno.lnk = C:\WINNT\system32\rwinmqez.exe
O4 - Startup: Z_Start.lnk = C:\WINNT\system32\dwdsregt.exe
O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} (DoMoreRunExe.DoMoreRun) - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - file://C:\Program Files\gateway\helpspot\TechTools.CAB
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - file://C:\Program Files\gateway\helpspot\RunExeActiveX.CAB
O20 - Winlogon Notify: Setup - C:\WINNT\system32\m8rm0i91e8.dll



* * * * * * KILLBOX * * * * * * * * * * * * * * * * * * * * * * *


Launch KillBox.exe & select the following options:
  • delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy
  • C:\WINNT\regsvc.exe
  • C:\keyboard23.exe
  • C:\newname23.exe
  • C:\winnt\system32\pldsrego.exe
  • C:\WINNT\hulgipuA.exe
  • C:\WINNT\SYSC00.exe
  • C:\winnt\system32\w37deac3.dll
  • C:\WINNT\sys101146339359.exe
  • C:\WINNT\System32\rwinmqez.exe
  • C:\WINNT\system32\rwinmqez.exe
  • C:\WINNT\system32\dwdsregt.exe
  • C:\WINNT\hulgipu.exe
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * * * * * *


1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.


* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:
  • Zeno Search
  • WinTools
  • Purity Scan /Snowball Wars by OIN
  • New Net \NewDotNet
Please note any other programs that you don't recognize in that list in your next response


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
  • Tick - 'Show hidden files and folder'
  • Untick - 'Hide file extensions for known types'
  • Untick - 'Hide protected operating system files'
  • Click Yes to confirm & then click OK
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\PROGRAM FILES\NEWDOTNET\
  • C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\
  • C:\PROGRA~1\COMMON~1\WinTools\
  • C:\WINNT\System32\ASSEMBLY\ > > > (contains the file - spoolsv.exe)
  • C:\Program Files\??mantec\ > > > (contains the file - ??oolsv.exe)

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Delete Cookies
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!


* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *


Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * * REBOOT TO NORMAL MODE * * * * * * * * * * * * * *


Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  • HiJackThis log
  • Combofix's log
  • Online Scan
  • Ewido
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

Edited by sUBs, 30 May 2006 - 09:15 AM.
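
A triage sketch for the HijackThis entry lines discussed in this thread, added here as an example and not part of any post or of HijackThis itself: it parses each line's section code and flags entries that carry a structural tell. The sample lines are copied from the logs in this thread; the function names and the four heuristics are assumptions made for illustration.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# "R1 - ...", "F2 - ...", "O23 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([RFO]\d{1,2}) - (.*)$")
# F2 lines report the Winlogon Shell / UserInit values.
F2_RE = re.compile(r"\b(Shell|UserInit)=(.*)$", re.IGNORECASE)
F2_EXPECTED = {"shell": "explorer.exe", "userinit": "userinit.exe"}

# Sample input: lines copied from the logs posted in this thread.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\miqsr.exe
F2 - REG:system.ini: UserInit=userinit.exe,wexwcte.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O10 - Hijacked Internet access by New.Net
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: RemoteRegBck - Unknown owner - C:\WINNT\regsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
"""


def parse_hjt(text):
    """Return the entry lines of a HijackThis log, skipping the header
    and the running-process list (neither starts with a section code)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def f2_extras(body):
    """Programs chained onto Shell= or UserInit= beyond the expected one."""
    m = F2_RE.search(body)
    if not m:
        return []
    expected = F2_EXPECTED[m.group(1).lower()]
    values = [v.strip() for v in m.group(2).split(",") if v.strip()]
    # ntpath handles Windows paths regardless of the OS running this script.
    return [v for v in values if ntpath.basename(v).lower() != expected]


def reasons_for(entry):
    """Heuristic (assumed, not exhaustive) reasons to look at an entry first."""
    reasons = []
    if entry.code == "F2":
        extras = f2_extras(entry.body)
        if extras:
            reasons.append("extra program on Shell/UserInit: " + ", ".join(extras))
    if entry.code == "O23" and " - Unknown owner - " in entry.body:
        reasons.append("service binary carries no vendor information")
    if entry.code == "O10":
        reasons.append("Winsock LSP chain reported as hijacked")
    if entry.body.endswith("(no file)") or entry.body.endswith("(file missing)"):
        reasons.append("entry points at a file that is not on disk")
    return reasons


def triage(text):
    """Return [(Entry, [reason, ...])] for every entry with at least one reason."""
    flagged = []
    for entry in parse_hjt(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE):
        print(f"{entry.code:>3}  {entry.body}")
        for r in reasons:
            print(f"       -> {r}")
```

An unflagged line is not a clean line: most of the O4 autostart entries on the fix list above have no structural tell and still need a human or a signature lookup.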


#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:09:13 AM

Posted 30 May 2006 - 09:21 AM

Edit..; Ok, Subs already posted.

Edited by miekiemoes, 30 May 2006 - 09:22 AM.


#4 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 05 June 2006 - 08:02 PM

* * * * * * * * *

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

* * * * * * * * *

#5 sUBs

sUBs

    sUBs


  • Malware Response Team
  • 2,489 posts
  • OFFLINE
  •  
  • Local time:03:13 PM

Posted 06 June 2006 - 07:28 PM

Topic re-opened at the behest of the thread starter

#6 PanakAttack

PanakAttack
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:02:13 AM

Posted 06 June 2006 - 10:19 PM

there are still some pop-ups...
i couldn't do the combo thing cause the file isn't there when i click the link...also i couldn't perform the online scan...should I use panda??


Logfile of HijackThis v1.99.1
Scan saved at 11:14:43 PM, on 6/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\command.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINNT\regsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINNT\System32\ssn6tuu.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\Joe III\Desktop\Spyware Programs\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\miqsr.exe
F2 - REG:system.ini: UserInit=userinit.exe,wexwcte.exe
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINNT\System32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINNT\System32\ssn6tuu.exe"
O4 - HKLM\..\Run: [w001d220.dll] RUNDLL32.EXE w001d220.dll,I2 0010ed820001d220
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINNT\System32\x3cqp0.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: policies - C:\WINNT\system32\c8000idme80a0.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: RemoteRegBck - Unknown owner - C:\WINNT\regsvc.exe

















---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:12:26 PM, 6/6/2006
+ Report-Checksum: 3FBF82B

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UrlSidebar -> Adware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
HKLM\SOFTWARE\webhancer\ESO -> Adware.WebHancer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\.DEFAULT\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-2832471526-3054548624-236718858-1007\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2832471526-3054548624-236718858-1007\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2832471526-3054548624-236718858-1007\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-2832471526-3054548624-236718858-1007\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-21-2832471526-3054548624-236718858-1007\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\SurfSideKick3 -> Adware.SurfSide : Cleaned with backup
HKU\S-1-5-18\Software\SurfSideKick3\Internet Explorer -> Adware.SurfSide : Cleaned with backup
[520] C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\asappsrv.dll -> Adware.CommAd : Cleaned with backup
[1208] C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1736] C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1748] C:\Program Files\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup
[1760] C:\WINNT\System32\mptft.exe -> Adware.SearchAssistant : Cleaned with backup
[1768] C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1592] C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1796] C:\WINNT\win32099114633935.exe -> Adware.Enbrow : Cleaned with backup
[1820] C:\WINNT\System32\tfthot.exe -> Adware.SearchAssistant : Cleaned with backup
[1620] C:\defender25.exe -> Downloader.Adload.bx : Cleaned with backup
[1888] C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1640] C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\asappsrv.dll -> Adware.CommAd : Error during cleaning
[300] C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\asappsrv.dll -> Adware.CommAd : Error during cleaning
[1080] C:\Program Files\WildTangent\wild_tangent.exe -> Adware.Agent : Cleaned with backup
C:\ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup
C:\bintheredunthat\comscore.exe -> Dropper.Agent.hl : Cleaned with backup
C:\bintheredunthat\hulgipu.exe -> Hijacker.VB.ij : Cleaned with backup
C:\bintheredunthat\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup
C:\bintheredunthat\w37deac3.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\bintheredunthat\w37e47e6.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\bintheredunthat\w37e4815.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\comscore.exe -> Dropper.Agent.hl : Cleaned with backup
C:\defender25.exe -> Downloader.Adload.bx : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Findwhat : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Joe III\Application Data\Mozilla\Profiles\default\sdhur3n8.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@bfast[1].txt -> TrackingCookie.Bfast : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@casinopays[1].txt -> TrackingCookie.Casinopays : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@crbanner.casinopays[2].txt -> TrackingCookie.Casinopays : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@ehg-411web.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@ehg-adteractive.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@ehg-boltmedia.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@ehg-fromyouflowers.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@linksynergy[1].txt -> TrackingCookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@pro-market[2].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@try.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Joe III\Cookies\joe iii@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Joe III\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup
C:\Documents and Settings\Joe III\Local Settings\Temporary Internet Files\Content.IE5\0LYJWXAZ\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\LocalService\Application Data\Мicrosoft.NET\wucrtupd.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@cityclub.gamingpromo[2].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@gamingpromo[1].txt -> TrackingCookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@goldenpalace[2].txt -> TrackingCookie.Goldenpalace : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\LocalService\Cookies\system@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\LocalService\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AW9DQ9D2\drsmartload849a[1].exe -> Downloader.Adload.bo : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AW9DQ9D2\drsmartload[1].exe -> Downloader.Adload.bv : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AW9DQ9D2\keyboard25[1].exe -> Hijacker.StartPage.aju : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AW9DQ9D2\newname25[1].exe -> Downloader.VB.abm : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AW9DQ9D2\numbsoft[1].exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HDX5QW8J\ac2[1].txt -> Downloader.Agent.ahv : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HDX5QW8J\comscore[1].exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HDX5QW8J\drsmartload46a[1].exe -> Downloader.Adload.bo : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\HDX5QW8J\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OV5CJNCM\ac2_0003[1].exe -> Downloader.Small.cpu : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OV5CJNCM\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S5R9GK2B\defender25[1].exe -> Downloader.Adload.bx : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S5R9GK2B\drsmartload45a[1].exe -> Downloader.Adload.bo : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S5R9GK2B\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S5R9GK2B\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Natalie\Application Data\Mozilla\Profiles\default\6pzs3enx.slt\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@cbs.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@data1.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@e-2dj6wgkogpcjilo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@e-2dj6wjl4sncjwfp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@eztracks.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Natalie\Cookies\natalie@yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Natalie\Local Settings\Temp\Cookies\natalie@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Natalie\Local Settings\Temp\Cookies\natalie@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Natalie\Local Settings\Temp\Cookies\natalie@ads.euniverseads[2].txt -> TrackingCookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Natalie\Local Settings\Temp\Cookies\natalie@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Natalie\Local Settings\Temp\Cookies\natalie@servedby.advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Natalie\Local Settings\Temp\Cookies\natalie@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Natalie\Local Settings\Temp\Cookies\natalie@www.sidefind[2].txt -> TrackingCookie.Sidefind : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Natalie Canamucio\Application Data\Mozilla\Profiles\default\qqmad3n8.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup

#7 sUBs

  • Malware Response Team

Posted 07 June 2006 - 02:17 AM

Unfortunately, ComboFix was the meat of the earlier fix. We'll need to download & run it for this pass.

Please read this post completely before beginning. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * UN-INSTALLING PROGRAMS * * * * * * * * * * * * * *


Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:
  • Webhancer
  • Command
  • Netmon \ Network Monitor
  • ToolBar888
Please note any other programs that you don't recognize in that list in your next response

* * * * * * DISABLING SERVICES * * * * * * * * * * * * * * * * *


Click Start -> Run - type SERVICES.MSC & then click on the OK button
  1. Locate the service - Command Service (cmdService)
  2. Double-click on it to open the Properties dialog.
     - Change the Startup type to Disabled & then click on the Apply button
     - Stop the service by using the Stop button.
  3. Then start HiJackThis & go to Config... -> Misc.Tools -> Delete an NT service
  4. In the popup box that appears, copy/paste cmdService
  5. Click on the OK button & answer No if prompted to reboot
Repeat steps 1-5 for these other services :-
  • Network Monitor
  • RemoteRegBck

* * * * * *


Download this file - combofix.zip
From within it, double click on combo.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Do not proceed with the rest of the fix if you fail to run combofix


* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * * * * * *


Do a HijackThis scan & place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\miqsr.exe
F2 - REG:system.ini: UserInit=userinit.exe,wexwcte.exe
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINNT\System32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINNT\System32\ssn6tuu.exe"
O4 - HKLM\..\Run: [w001d220.dll] RUNDLL32.EXE w001d220.dll,I2 0010ed820001d220
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll (file missing)
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINNT\System32\x3cqp0.dll
O20 - Winlogon Notify: policies - C:\WINNT\system32\c8000idme80a0.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: RemoteRegBck - Unknown owner - C:\WINNT\regsvc.exe



* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
  • Tick - 'Show hidden files and folders'
  • Untick - 'Hide file extensions for known types'
  • Untick - 'Hide protected operating system files'
  • Click Yes to confirm & then click OK
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\WINNT\TmF0YWxpZSBDYW5hbXVjaW8\
  • C:\Program Files\Network Monitor\
  • C:\WINNT\regsvc.exe
  • C:\WINNT\System32\ssn6tuu.exe
  • C:\WINNT\System32\x3cqp0.dll
  • C:\Program Files\ToolBar888\
  • C:\Program Files\webHancer\P
  • C:\WINNT\System32\w001d220.dll

* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Delete Cookies
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!



* * * * * *


* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found: Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  • HiJackThis log
  • DrWeb
  • ComboFix
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
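
An added cross-check, not part of the post above and not HijackThis's own code: it parses a subset of the "Fix checked" entries, pulls out the file each one loads, and compares those files with the manual delete list from the same post. The helper names `covered`, `triage` and `not_listed` are hypothetical.

```python
import re

# Subset of the "Fix checked" entries and of the delete list, copied from the post above.
FIX_ENTRIES = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINNT\System32\miqsr.exe
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINNT\System32\x3cqp0.dll
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINNT\System32\ssn6tuu.exe"
O20 - Winlogon Notify: policies - C:\WINNT\system32\c8000idme80a0.dll
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
""".strip().splitlines()
DELETE_LIST = r"""
C:\Program Files\Network Monitor\
C:\WINNT\System32\ssn6tuu.exe
C:\WINNT\System32\x3cqp0.dll
C:\Program Files\ToolBar888\
""".strip().splitlines()

ENTRY = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.+)$")   # section code, then detail
PATH = re.compile(r"[A-Za-z]:\\[^\"<>|\r\n]+?\.(?:exe|dll)\b", re.I)
GONE = re.compile(r"\((?:file missing|no file)\)")             # marker for an absent target

def covered(path, delete_list):
    """True if path equals a listed file or sits under a listed folder (trailing backslash)."""
    p = path.lower()                                            # Windows paths are case-insensitive
    return any(p == d.lower() or (d.endswith("\\") and p.startswith(d.lower()))
               for d in delete_list)

def triage(entries, delete_list):
    """Map each absolute path named by an entry to (section code, status)."""
    out = {}
    for line in entries:
        m = ENTRY.match(line.strip())
        hit = PATH.search(m["body"]) if m else None
        if hit:   # bare names such as wexwcte.exe carry no folder to match, so they are skipped
            status = ("target already missing" if GONE.search(m["body"])
                      else "in delete list" if covered(hit[0], delete_list)
                      else "not in delete list")
            out[hit[0]] = (m["code"], status)
    return out

def not_listed(entries, delete_list):
    """Paths a fixed entry loads that the manual delete list does not name."""
    return {p for p, (_, s) in triage(entries, delete_list).items() if s == "not in delete list"}

if __name__ == "__main__":
    for path, (code, status) in triage(FIX_ENTRIES, DELETE_LIST).items():
        print(f"{code:<4}{status:<24}{path}")
```

On this input the check reports miqsr.exe and c8000idme80a0.dll as loaded by fixed entries but absent from the manual delete list, so those two are the ones to confirm in the follow-up logs.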

#8 sUBs

  • Malware Response Team

Posted 17 June 2006 - 05:04 AM

Due to the lack of feedback again, this Topic is closed.



