
Hijack This Log


  • This topic is locked
4 replies to this topic

#1 Hamitaf

Posted 28 December 2006 - 01:31 AM

I have been having serious spyware problems with my computer and have finally resigned to ask for help.
It's a used computer, and I have unfortunately inherited the former user's pop-ups.

I know that one problem is WebHancer, but there are probably other types of spyware.
Thanks in advance.





Logfile of HijackThis v1.99.1
Scan saved at 9:34:50 PM, on 12/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1148878628\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\ggkzkhfA.exe
C:\WINDOWS\xpocnknA.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\Sloopy7.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\WINDOWS\sys038079777141.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ggkzkhf.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R3 - URLSearchHook: (no name) - {A8B28872-3324-4CD2-8AA3-7D555C872D96} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,wurqqon.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1148878628\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_e75.exe
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [ggkzkhfA] C:\WINDOWS\ggkzkhfA.exe
O4 - HKLM\..\Run: [xpocnknA] C:\WINDOWS\xpocnknA.exe
O4 - HKLM\..\Run: [windows] C:\\windows_e58.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Sloopy7.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [BodyGplOpenFast] C:\Documents and Settings\All Users\Application Data\Mp3MemoBodyGpl\Blue does.exe
O4 - HKLM\..\Run: [sys038079777141] C:\WINDOWS\sys038079777141.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/pro...138302D2D2D.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1152528671656
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/Solit...wn.cab31267.cab
O16 - DPF: {FF3C5A9F-5A91-4930-80E8-4709194C2AD3} (CheckersZPA Object) - http://zone.msn.com/bingame/zpagames/Check...PA.cab40641.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WebCheck - C:\WINDOWS\system32\mgiwave.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\ggkzkhf.exe


#2 Daemon

Posted 28 December 2006 - 04:04 AM

Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware report scan. Then do this - download SUPERAntiSpyware Home Edition (free version)
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.


#3 Hamitaf

Posted 28 December 2006 - 03:41 PM

AVG Log:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:05:07 AM 12/24/2006

+ Scan result:



C:\System Volume Information\_restore{F4C7D942-3A39-4796-ADBD-27D3AF4D805B}\RP14\A0072740.exe -> Downloader.TSUpdate.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F4C7D942-3A39-4796-ADBD-27D3AF4D805B}\RP13\A0034955.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F4C7D942-3A39-4796-ADBD-27D3AF4D805B}\RP9\A0032148.exe -> Downloader.VB.aga : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-842925246-725345543-1004\Dc186.exe -> Downloader.VB.air : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-842925246-725345543-1004\Dc187.exe -> Downloader.VB.amb : Cleaned with backup (quarantined).
C:\WINDOWS\sys0380797771412006.exe -> Downloader.VB.ngl : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F4C7D942-3A39-4796-ADBD-27D3AF4D805B}\RP13\A0036965.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
C:\WINDOWS\ggkzkhfA.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F4C7D942-3A39-4796-ADBD-27D3AF4D805B}\RP13\A0054149.exe -> Downloader.VB.wz : Cleaned with backup (quarantined).
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\163.exe -> Downloader.Zlob.avo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F4C7D942-3A39-4796-ADBD-27D3AF4D805B}\RP14\A0055347.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-842925246-725345543-1004\Dc201.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-842925246-725345543-1004\Dc209.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-842925246-725345543-1004\Dc162.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\WINDOWS\xpocnkn.exe -> Dropper.Agent.mu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\oins.exe -> Dropper.Small : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-842925246-725345543-1004\Dc97.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\v1201.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mege.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\MSN\pojoxawa.html -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\drsmartload180a.exe -> Hijacker.VB.fg : Cleaned with backup (quarantined).
C:\WINDOWS\ggkzkhf.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-842925246-725345543-1004\Dc176.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-1957994488-842925246-725345543-1004\Dc208.exe -> Hijacker.VB.ly : Cleaned with backup (quarantined).
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Temporary Internet Files\Content.IE5\D7VH7167\klite.ath[1].htm -> Not-A-Virus.Exploit.Win32.MS05013 : Cleaned with backup (quarantined).
C:\Documents and Settings\Fatimah\Cookies\fatimah@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@efashionsolutions.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@ford.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@reunioncom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@reunioncom.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@tcompany.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\WINDOWS\Temp\Cookies\gaicbaah@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@thumbplay.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@admarketplace[1].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@ad.admarketplace[2].txt -> TrackingCookie.Admarketplace : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@adrevolver[3].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@track.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@www.adtrak[1].txt -> TrackingCookie.Adtrak : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@bfast[2].txt -> TrackingCookie.Bfast : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@test.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\WINDOWS\Temp\Cookies\gaicbaah@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@www.directnetadvertising[1].txt -> TrackingCookie.Directnetadvertising : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@enhance[2].txt -> TrackingCookie.Enhance : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@e-2dj6wjnyqpazwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@a.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@findwhat[2].txt -> TrackingCookie.Findwhat : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@ehg-hollywood.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@ehg-maniatv.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@ehg-pcsecurityshield.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@ehg-ubid.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@ehg-ubid.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@server.lon.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@server.lon.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@www.lop[1].txt -> TrackingCookie.Lop : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@www.lop[1].txt -> TrackingCookie.Lop : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@www.myaffiliateprogram[2].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@data1.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@project2.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@try.starware[1].txt -> TrackingCookie.Starware : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@anad.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@anat.tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@ad.yieldmanager[4].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Gaicbaah\Local Settings\Temp\Cookies\gaicbaah@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\WINDOWS\Temp\Cookies\gaicbaah@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Fatimah\Cookies\fatimah@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Gaicbaah\Cookies\gaicbaah@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{F4C7D942-3A39-4796-ADBD-27D3AF4D805B}\RP14\A0072749.dll -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F4C7D942-3A39-4796-ADBD-27D3AF4D805B}\RP14\A0072750.exe -> Trojan.Agent.sx : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{54862E21-05D6-1033-0828-010928000001}\services.dll -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\R2FoY2JhYWho\lZICsZL1sq1C.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wcptr.exe -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F4C7D942-3A39-4796-ADBD-27D3AF4D805B}\RP14\A0072742.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).


::Report end

============================================================

Currently downloading SUPERAntiSpyware

#4 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK
  • Local time:12:23 PM

Posted 29 December 2006 - 02:47 AM

OK, good. Post the results from that when done with a new HJT log and we can remove any stragglers manually.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here

#5 Daemon

Daemon

    Security Expert


  • Members
  • 1,446 posts
  • Gender:Male
  • Location:UK
  • Local time:12:23 PM

Posted 07 January 2007 - 02:24 PM

Due to inactivity this topic will be closed.

If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here



